Valve Explains What Caused the Steam Christmas Day Catastrophe

Twentieth Century Fox

Valve has shed some light on the difficulties so many users experienced with PC gaming digital storefront Steam over the Christmas holiday.

Apparently, a “configuration error” resulted in roughly 34,000 Steam users’ account information being seen by other users. The information erroneously displayed included users’ “billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address.” It did not, however, include full credit card numbers, passwords, or any information that would otherwise allow someone to complete transactions as the affected user.

The information was also restricted to those who accessed an account or checkout page during the 11:50 PST and 13:20 PST time frame in which the event occurred. Valve says they are working with their “web caching partner” to identify the affected users in order to contact them. Luckily, no unauthorized actions took place on those accounts, according to Valve.

It was one of the countless “Denial of Service” attacks that regularly target Steam that caused the problem in the first place. Traffic to the Steam Store was amplified 2000%, which tripped a failsafe that sent users a cached version of the page in order to keep things running smoothly. Unfortunately, one of the caching services incorrectly directed cached versions of user pages to the wrong people.

Valve’s news post also contains an apology for the inconvenience, but it’s the assurance that personal information remained largely untouched and that those affected will be notified that should be most comforting. If you were one of those unlucky users, Valve should be in contact with you about it in the very near future.

Follow Nate Church @Get2Church on Twitter for the latest news in gaming and technology, and snarky opinions on both.


Please let us know if you're having issues with commenting.