Steam: No "Unauthorized Actions" On Exposed Accounts

← Back to Stories (view on slashdot.org)

Steam: No "Unauthorized Actions" On Exposed Accounts

Posted by timothy on Saturday December 26, 2015 @05:55AM from the that-they-know-of dept.

The Steam bug that allowed users to see other users' account details may not have been as harmful as it first appeared. Valve said in a statement (reported on Mashable) that while cached data showed usernames, "sensitive details such as credit card numbers are automatically censored on user account pages, which mitigates the potential harm of someone having seen your personal data." From Mashable's report: "Steam is back up and running without any known issues," Valve told Game Informer in a statement. "As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users."

33 comments

Min score:

Reason:

Sort:

Wait, so you're telling me... by Anonymous Coward · 2015-12-26 06:51 · Score: 2, Insightful

That people over reacted for no reason!? What world are we living in for this to happen...
Seriously, there was never any reason for people to go crazy over this. It's not some hacking group seeing "your info", it's just other gamers around the world.
At most, your email is now on a spamming list and someone knows your home address if you let steam save that info. That's it. Nothing that you haven't already shared with spammers or on facebook at some point.
1. Re:Wait, so you're telling me... by ledow · 2015-12-26 07:41 · Score: 4, Informative
  
  If you had any care for email privacy anyway, you'd buy a stupendously cheap domain, activate forwarding on the catch-all, and then use a bunch of one-time addresses.
  I know what address I gave Steam. I know it's never been spammed. Because only they and I know what it was. If it does get spammed, someone hacked Steam, or me, or something like this happened.
  So I then generate another address, change my steam email to that, block the now-public one, and carry on with my life.
  The problem with people who claim the sky is falling is that they never stop to think about how to stop it falling on them.
2. Re:Wait, so you're telling me... by Anonymous Coward · 2015-12-26 07:43 · Score: 1
  
  In case you haven't noticed, the people submitting articles at this site are typically paranoid, reactionary, and batshit insane.
3. Re:Wait, so you're telling me... by UnknownSoldier · 2015-12-26 10:19 · Score: 2
  
  Or you could just memorize one passphrase and use something like KeePass. /sarcasm I guess Ctrl-C & Ctrl-V is too much work. :-)
  > Unique passwords for each service are simply an encoding scheme that uses the service name.
  The problem is some sites are so retarded to allow long passwords so one is forced to cap it at 8-12 characters.
4. Re:Wait, so you're telling me... by Anonymous Coward · 2015-12-26 11:05 · Score: 0
  
  Or you could just memorize one passphrase
  Or you could just memorize one strong password. Passphrases are vulnerable to dictionary permutation attacks... and that's the type of attack most commonly used.
5. Re:Wait, so you're telling me... by Anonymous Coward · 2015-12-26 16:07 · Score: 1
  
  Or you could just memorize one passphrase
  Or you could just memorize one strong password. Passphrases are vulnerable to dictionary permutation attacks... and that's the type of attack most commonly used.
  That's why you pad your passphrase with a random number of symbols.
6. Re:Wait, so you're telling me... by phorm · 2015-12-29 06:34 · Score: 1
  
  I don't bother with one time addresses. I just create a new address based on a pattern for all signups, e.g.
  nospam.slashdot@mydomain.com
  That way, if slashdot gives out my email address, not only do I just can the address, but I also get to know WHO sold me out based on the destination.
  Thus far, a *lot* of my spam has been to my paypal address, presumably because crappy merchants decided to add it to their mailing list after I bought some $5 part on eBay.
Re: These Republican-ruled corporations... by Anonymous Coward · 2015-12-26 06:56 · Score: 0

That is the way of their kind.
Re:Do you think that by Anonymous Coward · 2015-12-26 07:06 · Score: 0

No, that'd be dark humor to show why we should hate white people, and would probably be a Spike Lee film.
Re: These Republican-ruled corporations... by Anonymous Coward · 2015-12-26 07:19 · Score: 0

Those corporations want to take everything we own.
Re: These Republican-ruled corporations... by Anonymous Coward · 2015-12-26 07:23 · Score: 0

All those people do is hate.
I don't agree by Anonymous Coward · 2015-12-26 07:28 · Score: 0

The Steam bug that allowed users to see other users' account details may not have been as harmful as it first appeared.

Well, that just all depends.
Are you the kind of person who gets terrified by ill-defined threats every time you read a headline? Then maybe it appeared harmful.
Are you the kind of rational-minded person who cautiously reaches tentative conclusions about things and leaves the door open for more information and refined analysis of risk? Then you probably didn't even give a f*ck.
Re: These Republican-ruled corporations... by Anonymous Coward · 2015-12-26 07:30 · Score: 0

It is the way of their kind.
Re: These Republican-ruled corporations... by Anonymous Coward · 2015-12-26 07:31 · Score: 0

They always do these sort of things to us.
Re: These Republican-ruled corporations... by Anonymous Coward · 2015-12-26 07:32 · Score: 0

This wasn't dishonesty. This was just plain hate. They hate us.
Re: These Republican-ruled corporations... by Anonymous Coward · 2015-12-26 07:35 · Score: 0

They are driven by hate. Between their constant killing of us and stealing our money by the bankster class, I am proven right. Proven right.
PRIVACY is of no value apparently by Anonymous Coward · 2015-12-26 07:44 · Score: 0

PRIVACY is of no value apparently
Ok, well, remember Jermey Clarkson? He claimed the same thing :)
"We believe"! That Jesus is our lord and savior! by Anonymous Coward · 2015-12-26 08:21 · Score: 0

Yeah, they believe, but would they stake their life on it? I don't think so!
You people had better change your passwords, etc.
Re: These Republican-ruled corporations... by Anonymous Coward · 2015-12-26 10:16 · Score: 0

It is the way of their kin.
Re:These Republican-ruled corporations... by wisnoskij · 2015-12-26 10:26 · Score: 2

Gabe Newell is a known democrat.

--
Troll is not a replacement for I disagree.
Yeah, no unauthorised transactions... by Anonymous Coward · 2015-12-26 10:52 · Score: 0

Had $60 charged to my credit card because they could purchase on my behalf. What a joke.
1. Re: Yeah, no unauthorised transactions... by Anonymous Coward · 2015-12-26 12:51 · Score: 0
  
  Pics and fraud case #s or it didn't happen
2. Re: Yeah, no unauthorised transactions... by Anonymous Coward · 2015-12-26 16:08 · Score: 0
  
  Prove it.
"sensitive details" expeect your name and address by johncandale · 2015-12-26 16:21 · Score: 2

Sure, your CC wasn't shown, but your name and address and phone number were. More than enough for some identity thieving. Old games. "double click icon, start playing" New games "open steam, login in, update steam, you are loging in from unknown location, verify login via email, restart, load steam, update game, ...."
Re:"sensitive details" expeect your name and addre by Anonymous Coward · 2015-12-26 22:19 · Score: 0

Or you could just launch it in offline mode . . .
Re:"sensitive details" expeect your name and addre by Anonymous Coward · 2015-12-27 00:42 · Score: 0

Or you could drive to Washington and punch GabeN in the balls.
funny thing by Anonymous Coward · 2015-12-27 01:13 · Score: 0

I'm quite interested to see what EMVCo will do to them. What happened is a MASSIVE PCI DSS violation...