Steam, perhaps the world’s most popular PC game distributor, has apparently kicked off Christmas with a huge data breach. According to a report from The Verge, amid Steam’s Winter Sale, some users are finding themselves logged in to other user accounts and they are able to see their private details, including address and payment information.
Although Steam has not yet responded, beyond confirming the breach in a Reddit post, and the service has just allegedly been taken offline.
Meanwhile, users on Twitter have stepped up to provide some guidance to Steam users in the wake of the data breach, including prolific leak source SteamDB.
Do NOT attempt to unlink PayPal, remove your credit card details or anything else. Doing so will put you at risk instead.— Steam Database (@SteamDB) December 25, 2015
Once again, unlinking your PayPal account from Steam via the PayPal site alone is fine. Unlinking through Steam is NOT.— Steam Database (@SteamDB) December 25, 2015
Meanwhile, MyBroadband reports that no purchases were able to be made during the breach and that Steam has indicated the issue is a bug with the service rather than a deliberate attack.
That said, it’s worth noting that, as The Inquisitr has previously reported, Steam was targeted by hacking group SkidNP this holiday season. While most believe that this breach is due to a bug, not a deliberate attack, it remains worth watching.
Update no. 1: According to The Independent, the online store is definitively down; reports are also coming in that the store for physical hardware, such as the popular new Steam Controller, is also unavailable and that both are redirecting to an error message.
The breach was allegedly first exposed when users logged in to see foreign-language landing pages, and SteamDB believes that the bug stems from Steam caching issues.
“Valve is having caching issues allowing users to view things such as account information of other users.”
Steam/Valve Corp still haven’t released a statement regarding the breach, and have not responded to requests for comment from the media. Steam currently serves more than 125 million active users, making this potentially the largest data breach of 2015. By comparison, the high-profile Ashley Madison breach leaked information on some 37 million users.
The Inquisitr will continue to follow this story as it develops.
[Image via Steam/Valve Corp]