Steam has been caught providing access to one user’s personal account to another user — It is unclear if the service was hacked or it was a Christmas fail.
Just a couple of hours ago HackRead reported that a group of wannabe hackers have shut down Steam servers but what happened now is not only weird but significantly more damaging than a DDoS attack.
Steam has been caught providing access to one user personal account to another user; for example, if you have a steam account, it has been opened for login to any other steam user on the web. It is unclear if someone hacked the company’s server or it was some Christmas prank or a fail. Either way, this will cost steam dearly.
Jason Schreier of Kotaku explains that he personally examined the issue and after reviewing his account he found that one can have access to other people’s account by trying to view their licenses and purchase history.
I can confirm that: Steam gave me access to another person's account with credit card info and purchase history pic.twitter.com/IzhE4M5sme
— Steam Spy (@Steam_Spy) December 25, 2015
Earlier this month, Valve vowed to protect users’ account after acknowledging that there are 77,000 Steam accounts hacked each month. However, the ongoing situation seems otherwise.
At the moment, Valve has shut down the Steam store (hopefully until the issue is resolved) but it will be interesting to see what really happened.
Update:
A tweet from Steam Database account claims this is not a security breach but a cache issue:
By the way, this is not a security breach. This is page caching gone rogue. Most likely not respecting Cache-Control headers.
— SteamDB (@SteamDB) December 25, 2015
Stay tuned for more on this issue.