Its Official Steam Suffered A Ddos Attack And Leaked 34000 User Accounts Techworm

Readers and gamer may remember that Steam servers were down on Christmas day between 11.50am PST and 1.20pm PST. At that time, many sources tried to dispel the DoS attack fears and sought to blame the outage on a “configuration error.” However as per the statement released by Steam, its servers had indeed been blasted with a DoS attack and the attack allowed some users to see Steam Store pages that had been generated for other users. “These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.” The statement also said that only those users who browsed a Steam page containing their personal information during the time of attack could have seen account information of other Steam users. While the users who suffered the information leak is yet to be ascertained, Valve said it is working with its web caching partner on identifying which users had their information revealed to others, and will contact those users personally once they are identified. Attacks against Steam “are a regular occurrence”, according to Valve. Steam had been a particularly lucrative target on Christmas Day due to its traffic increasing by around 2,000 percent during its sale. “In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic,” Valve wrote. “During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users. Incorrect Store responses varied from users seeing the front page of the Store displayed in the wrong language, to seeing the account page of another user.” Once it had identified the error, Valve said that it shut down the Steam Store to prevent any more leaks. The store was brought back online only after its engineers had reviewed and deployed all new caching configurations. “We will continue to work with our web caching partner to identify affected users, and to improve the process used to set caching rules going forward. We apologize to everyone whose personal information was exposed by this error, and for interruption of Steam Store service,” Valve concluded.