After experiencing a major malfunction on Christmas day, Valve has finally released a full statement as to what happened to its digital store Steam today.
According to Valve, Steam was the subject of a Denial of Service (DoS) attack which prevented users from accessing store pages. Responding to this attack, caching rules managed by a Steam web caching partner were deployed in order to minimize the impact on Steam Store servers and continue to route legitimate user traffic.
Problems with this system arose when the second caching configuration was deployed during the second wave of attack. The DoS attack plus the 2000% increase in traffic for Steam caused the configuration to incorrectly cache web traffic for authenticated users. The error in configuration led to some users seeing Steam Store responses which were generated for other users. In other words, it allowed Steam users to view the account information of other Steam users such as the user’s billing address, credit card numbers, purchase history and phone numbers.
Valve eventually identified the error and would shut down the Steam Store until a new caching configuration was deployed. They have since received confirmation that the latest configurations had been deployed to all partner servers and that all cached data on edge servers had been purged.
In total, Valve estimates that 34,000 users have been affected by this incident and is now working with their web caching partner to identify users whose information was served to other users. The company will be contacting those affected one they have been identified.
Source : Steam
