[–] ChillyHellion [S] 0 points 39 points (+39|-0) ago 

I really appreciate the more detailed statement, especially so soon after the initial statement. I'm glad they chose to speak in detail about the personal information issue, so that customers can make as informed decisions as possible in their use of the service.

[–] ForgotMyName 0 points 19 points (+19|-0) ago 

Sounds like a reasonable response to me. We got exact numbers, we got exact information about what was exposed, who may have been exposed, and whether or not you need to worry about your account's security. I have no complaints. (And I generally complain a lot.)

[–] ChillyHellion [S] 0 points 8 points (+8|-0) ago 

I wasn't a fan of the opaque language given in the initial statement, but I'm much happier with how upfront they are with this one. Whether or not the exposed data is a big deal should be up to each user to decide and act accordingly.

[–] Drenki 0 points 8 points (+8|-0) ago  (edited ago)

In my opinion, which is never humble, this is the tamest major data breach on record. If you logged into your account on the website during the issue, there was a chance for you to see, but not edit, a very limited amount of account information and absolutely nothing serious beyond email address. And for some other user logged in to see yours.

You likely had no control over which person's cached account information you saw and were also likely to be locked into that stranger's record. Seems they had two different server sets for logged in users and there was crosstalk between the caching ones in the group. So the cache request for ID 1 in Group A would accidentally retrieve the info on ID 1 from Group B.

[–] ChillyHellion [S] 0 points 3 points (+3|-0) ago 

I think that's what frustrated me about their initial announcement. Valve seemed to downplay the issue, referring to it as "cached page information". If it's really not a big issue, then there should be no problem saying exactly what happened and why it's not an issue. That seems to be exactly what they're doing in this follow-up announcement, and I appreciate how upfront they are in this one. It's probably going to be a problem for some people, and not a problem for others; it's much better just to let everyone know exactly what happened and let each individual user decide how to handle it.

I think your assessment is reasonable, but what I appreciate most is that Valve decided to give you the details of the incident and let you make that assessment for yourself.

[–] [deleted] 0 points 8 points (+8|-0) ago 

[Deleted]

[–] Vaati 0 points 2 points (+2|-0) ago 

Compared to when some big online store gets breached and every single credit card number they have saved is stolen, this is pretty minor. It's still too bad it happened, but nothing super sensitive was leaked, and only for people who tried to get on while things were messed up. If Amazon were hacked, I'd have to cancel the card I have saved ASAP. Since I didn't even try to see what gaming services were running on Christmas day, my information wouldn't have even been in the cache mess.

[–] justcause 0 points 3 points (+3|-0) ago  (edited ago)

I'm not surprised. Had a similar thing happen where Akamai (Valve's web content partner) was mistakenly caching dynamic content. Akamai's config defaults to cache everything if you don't explicitly override and there are multiple layers at play making it easy to unknowingly fall back to that. Dumbest default ever, but said they weren't going to change since they weren't sure how many people depended upon it (there are companies that just use them for static content, which is safe to cache, and may not want to mess with setting up config I guess).

For testing, it is difficult if you don't know what to look for. Their policy updates take a while to propagate to all of their edge nodes so if your tests hit different nodes before they can replicate cache to each other then you won't get back the same cached result. Also, the tests will typically be with a single user so getting your own data back doesn't really cause any alarm bells to go off. The tests need to be set up to specifically look for that caching using multiple users hitting the same edge nodes. My guess is Valve won't repeat this given they know what to test for now.
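The testing gap described in the comment above, as an added example that is not part of the original post and is not Akamai's or Valve's code. It is a constructed in-memory model: `origin`, `EdgeCache`, the `/account` path, the user names and the origin's `Cache-Control: private, no-store` header are all assumptions made for illustration.

```python
# Constructed model of one edge node in front of a dynamic origin.
# Nothing here talks to a real CDN; names and paths are hypothetical.

def origin(path, session):
    """Origin renders a per-user page and marks it as not cacheable (assumed)."""
    return {"body": f"account page for {session}",
            "headers": {"Cache-Control": "private, no-store"}}

class EdgeCache:
    """One edge node. With honor_cache_control=False it caches everything,
    keyed on the URL alone, which is the default behaviour the comment describes."""
    def __init__(self, honor_cache_control):
        self.honor = honor_cache_control
        self.store = {}

    def get(self, path, session):
        if path in self.store:                 # cache hit: session is ignored
            return self.store[path]
        resp = origin(path, session)
        cc = resp["headers"].get("Cache-Control", "")
        blocked = self.honor and ("private" in cc or "no-store" in cc)
        if not blocked:
            self.store[path] = resp["body"]
        return resp["body"]

def single_user_test(edge):
    """The typical test: one user, two requests. Passes on a broken edge too,
    because getting your own data back from the cache looks normal."""
    return all("alice" in edge.get("/account", "alice") for _ in range(2))

def cross_user_test(edge, users=("alice", "bob")):
    """Several users, same edge node, same URL. Returns (requester, owner)
    pairs where a response contained another user's marker."""
    leaks = []
    for requester in users:
        body = edge.get("/account", requester)
        leaks += [(requester, other) for other in users
                  if other != requester and other in body]
    return leaks

if __name__ == "__main__":
    print(single_user_test(EdgeCache(honor_cache_control=False)))
    print(cross_user_test(EdgeCache(honor_cache_control=False)))
    print(cross_user_test(EdgeCache(honor_cache_control=True)))
```

Against a real deployment the same check only means something if both sessions are pinned to the same edge node, which is the propagation problem the comment points out.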

[–] knightwarrior41 0 points 1 points (+1|-0) ago 

I have been tempted to buy something from their winter sale but I'm glad that I held up. Well, mostly because I don't have any more $$ left lol

[–] ChillyHellion [S] 0 points 2 points (+2|-0) ago 

Yeah, I think the most interesting part of the announcement is that it only affected users who logged in during the affected time frame. I don't think that detail had come up in any of the earlier news reports.

If you did not browse a Steam Store page with your personal information (such as your account page or a checkout page) in this time frame, that information could not have been shown to another user.
