Steam's Christmas privacy issues affected 34,000 users

The Steam Store was the victim of a DoS attack on December 25th, leading to a privacy breach.

On Christmas Day, up to 34,000 Steam members were able to view other users' private information, including billing and email addresses, following a glitch triggered by a denial-of-service attack, Valve announced today. On the day of the attack, Valve said that the glitch was the result of a caching issue, and that users were able to view strangers' information, though they couldn't take action on other people's accounts. Valve's update today clarifies the caching issue, attributing it to the DoS attack.

"In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic," Valve writes. "During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users."

The bug was live from 11:50AM PST to 1:20PM PST and affected only users browsing the Steam Store at that time. If you didn't access your own private information on Steam during this window, you're fine. Valve is working to identify users whose information may have been compromised and promises to contact them.
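
The failure mode Valve describes, a shared cache storing responses that were generated for authenticated users, can be reproduced with a toy model. The following is an added illustration, not Valve's or its caching partner's configuration: the `/account` path, the `session` cookie and the users are constructed, and the stricter rule is one common mitigation, not the fix Valve deployed.

```python
# Added illustration: a toy shared (edge) cache in front of an origin server.
# The path, cookie name and user data are constructed for this example.

def origin(request):
    """Origin renders the account page for whoever owns the session cookie."""
    user = request["headers"].get("Cookie", "").partition("session=")[2]
    if request["path"] == "/account" and user:
        return {"headers": {"Cache-Control": "private"},
                "body": f"billing address and email for {user}"}
    return {"headers": {"Cache-Control": "public, max-age=60"},
            "body": "store front page"}

def cacheable_weak(request, response):
    # Misconfigured rule: store every GET by URL, regardless of who asked.
    return request["method"] == "GET"

def cacheable_strict(request, response):
    # Stricter rule: never store traffic tied to an authenticated user.
    h = request["headers"]
    cc = response["headers"].get("Cache-Control", "")
    if "Cookie" in h or "Authorization" in h or "Set-Cookie" in response["headers"]:
        return False
    return request["method"] == "GET" and "private" not in cc and "no-store" not in cc

class SharedCache:
    def __init__(self, cacheable):
        self.cacheable, self.store = cacheable, {}

    def handle(self, request):
        key = (request["method"], request["path"])  # key carries no user identity
        if key in self.store:
            return self.store[key]["body"]           # cache hit: origin never consulted
        response = origin(request)
        if self.cacheable(request, response):
            self.store[key] = response
        return response["body"]

def get(path, user=None):
    headers = {"Cookie": f"session={user}"} if user else {}
    return {"method": "GET", "path": path, "headers": headers}

def second_visitor_sees(cacheable):
    """alice loads /account, then bob does; return the body bob receives."""
    cache = SharedCache(cacheable)
    cache.handle(get("/account", "alice"))
    return cache.handle(get("/account", "bob"))

if __name__ == "__main__":
    print(second_visitor_sees(cacheable_weak), "|", second_visitor_sees(cacheable_strict))
```

Under the weak rule the second visitor receives the page rendered for the first; under the strict rule authenticated requests bypass the cache while anonymous pages are still cached to absorb load.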