Steam Data Leak Was Not A Hack

Yesterday at around 10:00 pm, I noticed that something was wrong with Steam. The interface suddenly presented itself in different languages and kept switching. I tried to switch back to english but got an error message that something went wrong.

A little bit of poking around in the settings showed the profile data of different users on Steam. The selection was random and I didn't recognize any of the users.


The source of this strange behavior was a caching problem that allowed users to see cached pages of other Steam users, according to GameSpot and a spokesperson from Valve. Valve believes that no unauthorized actions could have been made under those accounts besides the viewing of cached information and that no further actions are required of the users, now that the problem has been fixed.

Now that we all know that this wasn't an attack but rather a configuration error, let's see what data could have been accessed by others. Since I had no control over which page cache I would get, the users I could view were totaly random and I had to wait for the cache to expire in order to see the data of other users. That being said, different pages did present me with different user data, as the following images show.




When I tried to buy a game and gift it to one of my friends, I could also see the complete friend list of someone else. Other than that and what is displayed in the screenshots above, I could not find any other sensitive data being leaked before steam shutdown the store completely.

Accessing full credit card information was not possible, as Steam only allows updating but not viewing it, so your credit cards should be safe. I couldn't test if buying a game was actually possible while the caching problems persisted. Just to be safe, users should check their purchase history for any unknown purchases.