Last week on Christmas, something went wrong on Steam. As players browsed through the massive catalog of discounted games as part of the Steam Winter Sale, they saw the private information of other Steam users, such as their billing addresses, purchase history and the last two digits of their credit card number. According to Valve, the issue lasted for two hours, and then service was back to normal. Almost a week after the issue, the company finally provided details about the problem.
It started with a denial of service (DoS) attack on Steam, which pushed traffic to the store 2000 percent above average. Such attacks are common, and Valve stated that it handles them in-house or with the help of other companies. Once the attack was detected, a series of caching rules set by what Valve called a “Steam Web caching partner” were implemented to soften the blow on the Steam store while continuing to allow legitimate users access to the site.
However, a second wave of the DoS attack prompted another caching configuration, and this one incorrectly stored data for a few authentic users. As a result, some users were shown another user’s account on various pages, and some even saw the store in a different language (Russian or Chinese words appeared on the page).
In light of the error, the store was closed while another cache configuration was put in place. Once it was confirmed that the new processes worked and the sensitive data was no longer visible, the digital store reopened for business.
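A small simulation of the failure mode described above, added here as an illustration and not Valve's or its caching partner's actual configuration: it assumes the shared cache stored pages under the URL alone while the origin personalised them from a session cookie. The names `origin`, `EdgeCache`, `replay`, the `session` cookie and the `/account` and `/sale` paths are hypothetical.

```python
# Constructed model of a shared edge cache in front of a store front end.
# Every name, path and cookie here is hypothetical sample data.

def origin(path, cookies):
    """Origin server: /account is personalised from the session cookie."""
    user = cookies.get("session")
    if path == "/account" and user:
        # Personalised response, marked as unfit for a shared cache.
        return f"account page for {user}", "private, no-store"
    return f"public page {path}", "public, max-age=60"


class EdgeCache:
    def __init__(self, safe):
        self.safe = safe       # False = weak emergency rule, True = corrected rule
        self.store = {}        # URL path -> cached body
        self.origin_hits = 0   # how much load still reaches the origin

    def get(self, path, cookies):
        # Corrected rule: requests carrying a session cookie skip the cache.
        bypass = self.safe and "session" in cookies
        if not bypass and path in self.store:
            return self.store[path]
        self.origin_hits += 1
        body, cache_control = origin(path, cookies)
        shareable = ("private" not in cache_control
                     and "no-store" not in cache_control)
        # Weak rule: store every response under the URL alone, ignoring
        # both the cookie and the origin's Cache-Control header.
        if not self.safe or (shareable and not bypass):
            self.store[path] = body
        return body


def replay(safe):
    """Alice, then Bob, request /account; then two anonymous hits on /sale."""
    cache = EdgeCache(safe)
    alice = cache.get("/account", {"session": "alice"})
    bob = cache.get("/account", {"session": "bob"})
    cache.get("/sale", {})
    cache.get("/sale", {})
    return alice, bob, cache.origin_hits


if __name__ == "__main__":
    print("weak rule:     ", replay(safe=False))
    print("corrected rule:", replay(safe=True))
```

Under the weak rule Bob is served Alice's page from the cache; under the corrected rule only the anonymous `/sale` page is shared, at the cost of one extra origin request.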
Obviously, Valve apologized for the incident and promised to work with its partners to not only identify those whose partial information was revealed, but to also improve the caching process to prevent the issue from reappearing in the future.
The fact that the DoS attack came on Christmas Day is no coincidence. During the holiday season, many players receive presents from friends on Steam, while some also get store credit through physical gift cards. Combine that with the ever-popular Winter Sale on the site, and Steam becomes a major hub with a large volume of players who all want to spend money on heavily discounted games.