Whether it was to cash in the Steam card they got for Christmas or take advantage of the ongoing Winter Sale, thousands of Steam users encountered a frightening glitch in the system when they tried to interact with the Steam store or view their account information. The glitch was causing personal information like addresses, credit cards, and names from other people to be viewed instead of your own account information, and the worst part was that it went on for hours before anything was done about it, and Valve was infuriatingly silent about the issue the entire time. Now, about a week later, the company has finally come forward to explain what happened.
On December 25th, a configuration error resulted in some users seeing Steam Store pages generated for other users. Between 11:50 PST and 13:20 PST store page requests for about 34k users, which contained sensitive personal information, may have been returned and seen by other users. The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user. If you did not browse a Steam Store page with your personal information (such as your account page or a checkout page) in this time frame, that information could not have been shown to another user. Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified. As no unauthorized actions were allowed on accounts beyond the viewing of cached page information, no additional action is required by users.