Steam had serious issues back on December 25, and Valve has issued a statement explaining just what happened, stating it was a result of the company’s response to a DOS (denial of service) attack, rather than the DOS attack itself. This led to personal information being exposed, including usernames, Steam Wallet contents, and other data.
According to the post by the company, ”Attacks against the Steam Store, and Steam in general, are a regular occurrence that Valve handles both directly and with the help of partner companies, and typically do not impact Steam users.” However, ”during the Christmas attack, traffic to the Steam store increased 2000% over the average traffic during the Steam Sale.”
Valve went on to explain:
”In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic. During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users. Incorrect Store responses varied from users seeing the front page of the Store displayed in the wrong language, to seeing the account page of another user.
”Once this error was identified, the Steam Store was shut down and a new caching configuration was deployed. The Steam Store remained down until we had reviewed all caching configurations, and we received confirmation that the latest configurations had been deployed to all partner servers and that all cached data on edge servers had been purged.”
Naturally, this explanation didn’t make users feel any safer.
This attack and response comes at a sensitive time when Valve is having legal action being taken against it by a French consumer advocate, which is citing ”Valve declines any responsibility in case they get hacked and users’ personal info get stolen.” If users come forward saying they’re the victims of a scammer as a result of the DOS attack, it’ll be interesting to see how Valve responds to the claims.
