Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

Geek Culture / QUICK!!!! Check your bank cards and DELETE IT OFF STEAM

Author
Message
Yodaman Jer
User Banned
Posted: 26th Dec 2015 06:06
Ok, I am really pissed at valve right now - apparently sometime last night (the 24th) and through parts of today, many people were reporting[warning: some language!] that if you click on your account details it would actually take you to that of a different users page.

This means, in effect, you could buy games and use up funds and then have that account gift it to yours - so lots of people got ripped off and many people got free presents.

I stupidly had my card saved on there, so I am contacting my bank tomorrow and having it cancelled and getting a new sent... you should do the same if you also had your card saved. I checked my account and everything seemed fine, and it does appear Steam has since fixed the issue, but I would HIGHLY recommend you guys delete that info off of your account and change cards faster than a card shark fueled up on speed!

Valve better be prepared to reimburse anyone who lost money, let alone their card numbers!

Sign up for NaGaCreMo!
The Zoq2
14
Years of Service
User Offline
Joined: 4th Nov 2009
Location: Linköping, Sweden
Posted: 26th Dec 2015 11:35
As far as I have heard, people havn't been able to use your account, just look at account details. It supposedly happened because of a misconfigured server which sent cached versions of other users pages to you. People might have seen the last 4 digits of your credit card as well as billing address and other personal information but they havn't been able to make purchases as far as I know.

https://www.reddit.com/r/Steam/comments/3y7r0b/do_not_login_to_any_steam_websites/
Say ONE stupid thing and it ends up as a forum signature forever. - Neuro Fuzzy
Seppuku Arts
Moderator
19
Years of Service
User Offline
Joined: 18th Aug 2004
Location: Cambridgeshire, England
Posted: 26th Dec 2015 14:33
I haven't noticed any problems on mine. I bought a few people gifts too. So I am guessing it hasn't affected everybody? Big data protection issue, obviously, but looking through all these, I am not seeing signs of people's bank accounts being accessed and I have checked my own bank just to be sure.
The Zoq2
14
Years of Service
User Offline
Joined: 4th Nov 2009
Location: Linköping, Sweden
Posted: 26th Dec 2015 16:00 Edited at: 26th Dec 2015 16:22
As far as I have heard, it went on for an hour before valve shut down parts of their servers and it was fixed a few hours after that. So unless you visited the steam store or community in that our you probably arn't affected.

Edit: I saw a pretty good youtube video explaining the cause of this
Say ONE stupid thing and it ends up as a forum signature forever. - Neuro Fuzzy
Seditious
10
Years of Service
User Offline
Joined: 2nd Aug 2013
Location: France
Posted: 26th Dec 2015 17:14 Edited at: 26th Dec 2015 17:15
What about those of us who use PayPal, that's safe right? IIRC you have to manually log in to your PP account to confirm the transaction.
Phaelax
DBPro Master
20
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 26th Dec 2015 19:26
Good thing Steam doesn't have any of my personal info

"I like offending people, because I think people who get offended should be offended." - Linus Torvalds
The Zoq2
14
Years of Service
User Offline
Joined: 4th Nov 2009
Location: Linköping, Sweden
Posted: 26th Dec 2015 20:35
Quote: "What about those of us who use PayPal, that's safe right? IIRC you have to manually log in to your PP account to confirm the transaction."


Pretty much everything is safe. There are additional checks for user info done when you change something on the account so unless valve had more issues than we know, nobody can have brought anything or changed any information. The only thing they could have done is seing your personal information.
Say ONE stupid thing and it ends up as a forum signature forever. - Neuro Fuzzy
Yodaman Jer
User Banned
Posted: 26th Dec 2015 21:11
Ok, glad to see this wasn't as terrible as it seemed last night - but I am never going to store any info on there or any site ever again.

I can't believe it was over an hour before they responded in any capacity. I know it was Christmas, but surely they had an emergency on-call team?

Sign up for NaGaCreMo!
The Zoq2
14
Years of Service
User Offline
Joined: 4th Nov 2009
Location: Linköping, Sweden
Posted: 26th Dec 2015 23:07
Yea, valve have handled this incredibly badly. An hour before they started trying to fix something and as far as I know, they havn't issued an official statement about it apart from talking to some journalist at gamespot.
Say ONE stupid thing and it ends up as a forum signature forever. - Neuro Fuzzy
Yodaman Jer
User Banned
Posted: 27th Dec 2015 02:42
That's just crazy. You'd think they would have some sort of news flash on the Steam homepage to update users and let them know that it seems that no unauthorized transactions were made from their accounts. I guess the people who said they had their account "broken" into were wrong, but it's hard to say. Only time will tell if people have had their information stolen. Which is why I'm going to order a new debit card just to be on the safe side, and change my password

How much do you want to bet that whoever made that critical mistake (misconfiguring the server) is now either demoted or jobless? That's pretty big screw up!

Sign up for NaGaCreMo!
BatVink
Moderator
20
Years of Service
User Offline
Joined: 4th Apr 2003
Location: Gods own County, UK
Posted: 27th Dec 2015 10:44
Being an IT Professional, I'm hoping this incident is a wake up call for users.
Everyone assumes that in a "crisis", the first thing you should do is log in to your account. Firstly, that makes it a many, many times harder to fix the problem.
Secondly, as shown here, you are more likely to make yourself more vulnerable to the "crisis". Why do people think that during a security breach, you should submit your user name and password, and get the server to compose a neat little package of all of your data?????
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Quidquid latine dictum sit, altum sonatur
TutCity is being rebuilt
Dark Java Dude 64
Community Leader
13
Years of Service
User Offline
Joined: 21st Sep 2010
Location: Neither here nor there nor anywhere
Posted: 28th Dec 2015 03:42
Great point there! ^^ People act in sheepish ways, eh?
"It also shoots blue flames sometimes, which is startling in the most exquisite of ways." -- Self

Login to post a reply

Server time is: 2024-03-28 19:43:44
Your offset time is: 2024-03-28 19:43:44