430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Data of 34,000 Steam users exposed due to buggy caching configuration

Valve company publicly confirmed that Steam deployed a buggy caching configuration to mitigate a DDoS attack which exposed Steam users personal information. Still problems for the Steam gaming platform, details of 34,000 Steam users have been exposed during a DDoS attack. Last week, as a result of a configuration change, a security issue allowed some Steam […]

Steam WordPress malware

Valve company publicly confirmed that Steam deployed a buggy caching configuration to mitigate a DDoS attack which exposed Steam users personal information.

Still problems for the Steam gaming platform, details of 34,000 Steam users have been exposed during a DDoS attack. Last week, as a result of a configuration change, a security issue allowed some Steam users to randomly see pages generated for other users for a period of less than an hour.

Steam users who did not access their account details page or checkout page between 11:50 PST and 13:20 PST on December 25 are not affected.

The Valve company that owns the Steam platform confirmed the serious security issue caused by an internal error that the company has quickly fixed.

On Wednesday, Valve company provided an explanation of the incident and apologized for the problem caused.

In a statement detailing the incident, the company explained that it suffered DDoS attacks against the Steam Store and Steam.

“On December 25th, a configuration error resulted in some users seeing Steam Store pages generated for other users. Between 11:50 PST and 13:20 PST store page requests for about 34k users, which contained sensitive personal information, may have been returned and seen by other users.” states the official statement published by Steam” The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.”

steam users platform security problem

The company in response to the attack deployed caching rules designed to mitigate the threat and minimize the impact on the platform. The rules have been prepared by a Steam web caching partner and deployed to continue to route legitimate user traffic.

The company handles web caching for Steam deployed two different caching configurations, but, unfortunately, one of them incorrectly cached traffic for authenticated users.

Valve has highlighted that the cached requests did not include passwords and financial information that could expose users to fraudsters.

“Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified. As no unauthorized actions were allowed on accounts beyond the viewing of cached page information, no additional action is required by users,” Valve said.

Pierluigi Paganini

(Security Affairs – Steam users, Personal data)