Christmas day is a time for happiness and relaxation, but Steam users were greeted by a rather rude (and confusing) awakening that morning. All over the Internet, users were sent into panic as they found that they could view the private transaction history and e-mail addresses of other users when they visited Steam’s Account Information page. Even more baffling, re-visiting the Account Information page would lead you to a new user’s profile every time, even changing the website’s language on a whim.
The Christmas cacophony continued for about an hour, with no response from Valve. Finally, Valve shut down access to its Store page.
By this point, Valve had still not given word on the nature of the chaos. Steam tracking website Steam Database speculated that Steam’s user identity crisis was not due to the work of hackers as some had speculated, but was rather due to a caching error.
They then advised users to not unlink their credit cards and PayPal information through Steam itself.
Several hours later, Steam’s stores were back online. Valve issued an official statement on the matter, confirming that the mayhem was indeed caused by a caching error:
Steam is back up and running without any known issues. As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.
Steam Database further speculated that what happened in the attack was that a glitch in the software that Steam uses to stores its private user pages, which became overworked from the holiday traffic and thus displayed pages that were meant for one user to potentially anyone.
Steam DB concluded their report by advising all users to avoid storing their billing information on Steam’s store, in case of future mishaps. As mighty as Valve and Steam might be, even giants are prone to the errors of mere mortals. It is in the Steam community’s best interest to stay as safe as possible when it comes to the wilderness of e-commerce, so following Steam DB’s advice is a sound decision.