Steam suffered a severe malfunction today, as users are reporting that they have logged into the service only to have access to others’ accounts and information. This information allegedly includes addresses, wallet amounts, and partial credit card numbers.
The prevailing theory is that this is a problem from inside the service — a security hole or cache error — and not the result of hackers. Users are advised to change their Paypal password if linked to a Steam account and not to click on Steam store pages or make purchases until this is fully sorted out.
Valve shut down the store for a couple of hours this afternoon before bringing it back up. Kotaku reports that it appears to be fixed now. It should be noted that hacker groups had made specific threats to bring Steam down today.
“Steam is back up and running without any known issues,” a company spokesperson said. The company is blaming a ‘configuration change’ earlier today that randomly let some Steam users view others’ account pages, but it says the window was no longer than one hour. “We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users,” they added.
The company has apparently not yet addressed or apologized for broadly exposing user information like addresses and partial credit card data. Probably because lawyers.