The Steam Winter Sales began only a few days ago and eager users logging in found a rather disturbing chink in the armor: they kept logging into other people’s accounts randomly.
That’s right, for a limited time, members of the PC Master Race logging into Steam over Christmas (expecting e-gifts from Santa I’m sure) found their clients displaying text in foreign languages. People who remembered where the “account info” tab was (those less fortunate used Google Translate I’m sure) clicked it, only to find another user’s account information, complete with e-mail addresses, buying history, and other private information.
The Steam store was subsequently taken down while the developers took a look at it, and it came back online a few hours later accompanied by the following statement on the Steam Forums:
“Steam is back up and running without any known issues. As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.”
Steam further stated that they had not been hacked and that “credit card info and phone numbers are, as required by law, censored and not visible to users.”
A popular theory as to why it happened at all points to a caching misconfiguration:
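As an added illustration of this class of bug (not from the original post, and not Valve's actual configuration, which the post does not describe): a toy shared cache keyed only by URL sits in front of an origin that renders per-user account pages. The function names, session tokens and e-mail addresses are constructed for the example.

```python
# Added illustration: a toy shared (edge) cache in front of an origin that
# renders per-user account pages. All names and data here are constructed.

def origin(path, session):
    """Render a personalised page and mark it as not shareable."""
    users = {"sess-alice": "alice@example.com", "sess-bob": "bob@example.com"}
    body = f"{path}: account info for {users[session]}"
    return {"body": body, "headers": {"Cache-Control": "private, no-store"}}


class SharedCache:
    """Edge cache whose key is the URL only, so the session is not part of it."""

    def __init__(self, honor_cache_control):
        self.honor_cache_control = honor_cache_control
        self.store = {}

    def cacheable(self, response):
        if not self.honor_cache_control:
            return True  # misconfigured: every response is stored
        header = response["headers"].get("Cache-Control", "")
        directives = {d.strip().lower() for d in header.split(",")}
        # Conservative: any of these directives keeps the page out of the cache.
        return not directives & {"private", "no-store", "no-cache"}

    def get(self, path, session):
        if path in self.store:
            return self.store[path]  # served without consulting the session
        response = origin(path, session)
        if self.cacheable(response):
            self.store[path] = response["body"]
        return response["body"]


def bob_sees(honor_cache_control):
    """Alice requests /account first; return what Bob then receives."""
    cache = SharedCache(honor_cache_control)
    cache.get("/account", "sess-alice")
    return cache.get("/account", "sess-bob")


if __name__ == "__main__":
    print("misconfigured:", bob_sees(False))
    print("hardened:     ", bob_sees(True))
```

With the cache ignoring `Cache-Control`, Bob is handed the page generated for Alice; once the cache honors the origin's `private, no-store`, each request reaches the origin and Bob gets his own page.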
