
A serious issue in Steam allowed access to other users’ accounts


As a result of a configuration change a security issue allowed some Steam users to randomly see pages generated for other users for a period of less than an hour.

Bad news for the popular community of Steam gamers: some users are facing serious security issues. Several users reported online that they were able to view other users’ account information. Numerous messages on Twitter, NeoGAF, and Reddit reported the problem, highlighting that they were also able to access the addresses and credit card data of other users.

“So, I went to go checkout on Steam after selecting a few games and I was taken to the checkout page which gave an error message, but still allowed me to select a payment method. When I went to choose a payment method, it opened the payment information forum like usual. Except, the information filled in wasn’t mine. It was for someone completely different than me that I’d never heard of before. Full name and address. The credit card, thankfully, was not saved. As an IT security guy, this is some serious shit and could be a sign of a major vulnerability,” said a Reddit user.

Valve, the company that owns the Steam platform, confirmed the serious security issue; it was an internal error that the company has already fixed.

“Steam is back up and running without any known issues,” a company spokesperson said.

It seems that a wrong “configuration change” randomly let some Steam users view personal information from other users’ profiles. The incident was limited to a one-hour period.

“We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users,” he added.


The incident is serious and could have serious repercussions for users’ security; at the time of writing, the number of affected users is not clear. Users also faced other problems, including difficulties logging in to the platform.

On December 25th, several users noticed that visiting the Steam website or store returned an error, although there was no impact on the gaming service. There’s still no official explanation, but one popular theory holds that Steam is incorrectly caching account pages and rendering them for other users.

In a message on Steam’s forum, one of the moderators explained that the platform has not been hacked and added that the personal information was not visible to other users.

“We’ve gotten reports that people sometimes see other people’s account information on the account page. Valve has been made aware of this and are working on a fix.

Some frequently asked questions:
– No, Steam is not hacked
– Credit card info and phone numbers are, as required by law, censored and not visible to users

Valve has released a statement to GameSpot about the incident.

“Valve has issued a statement regarding today’s issues. “Steam is back up and running without any known issues,” a Valve spokesperson told GameSpot. “As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.”
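The failure mode named in the statement above, a shared cache returning a page generated for one user to another, can be sketched as follows. This is an added example, not from the original article and not Valve's actual configuration, which the statement does not detail; the paths, session names and the `honor_cache_control` switch are constructed for illustration.

```python
# Added illustration: a toy shared cache in front of an origin that renders
# per-user pages. All names and paths are constructed; not Valve's setup.

def origin(path, session):
    """Origin renders a page for the session and labels its cacheability."""
    if path.startswith("/account"):
        return {"body": f"Account page for {session}",
                "headers": {"Cache-Control": "private, no-store"}}
    return {"body": "Store front page",
            "headers": {"Cache-Control": "public, max-age=60"}}


class SharedCache:
    """Edge cache shared by all users, keyed on the URL path only."""

    def __init__(self, honor_cache_control):
        self.honor_cache_control = honor_cache_control
        self.store = {}

    def _storable(self, response):
        if not self.honor_cache_control:
            return True  # weak setting: store whatever the origin returns
        header = response["headers"].get("Cache-Control", "")
        directives = {d.strip().split("=")[0] for d in header.split(",")}
        return not directives & {"private", "no-store"}

    def get(self, path, session):
        if path in self.store:
            return self.store[path]["body"]  # hit: session is never consulted
        response = origin(path, session)
        if self._storable(response):
            self.store[path] = response
        return response["body"]


def simulate(honor_cache_control):
    """alice, then bob, request the same URLs; return what bob is shown."""
    cache = SharedCache(honor_cache_control)
    for path in ("/store", "/account"):
        cache.get(path, "alice")
    return {path: cache.get(path, "bob") for path in ("/store", "/account")}


if __name__ == "__main__":
    print("weak setting:", simulate(honor_cache_control=False))
    print("corrected:   ", simulate(honor_cache_control=True))
```

With the weak setting, bob receives the account page rendered for alice; with the cache honoring `private` and `no-store`, only the public store page is shared.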

Pierluigi Paganini

(Security Affairs – gaming, security issue)