A DoS attack reportedly revealed account details of around 34K users of Steam, a popular gaming platform, to others.
Moreover, the service remained down on Christmas while the company was busy identifying those affected by the attack.
Steam also confirmed that its website was attacked on Christmas Day and details of 34,000 users might have been leaked.
The attack occurred between 11.50am and 1:20 pm PST and a “configuration error” displayed on Steam Store pages, which were generated for other users.
In an official statement, Valve explained:
“The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address.”
“These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.”
However, the information of all users who visited Steam’s website on December 25 were not revealed, just those who used their account or checkout page.
According to Valve, the team was working with its web caching partner to discover the users whose information was leaked to others and the company will personally contact them once they are identified.
The DoS attack prevented users fro, accessing the Store pages.
Valve maintains that such attacks are “regular occurrences” for Steam as the website has been a very lucrative target for attackers on important days like Christmas because its traffic increases by 2,000% during its sale.
Earlier this month, Valve vowed to protect users’ account after acknowledging that there are 77,000 Steam accounts hacked each month. However, the ongoing situation seems otherwise.