Valve Comes Clean, Admits Christmas Day Steam Glitch Was Due To DoS Attack

By 03:23 Fri, 30 Jul 2021 Comments

We reported earlier that a weird glitch took over Steam on Christmas morning, as several users reported seeing other users' account information instead of their own. The issue was sorted out in a few hours, and later Valve confirmed that it was due to a caching issue.

While that may have been the direct cautilize of the glitch, it was caused due to another problem altogether. Turns out, Steam was the taracquire of a DoS (denial of service) attack, which prevented serving of store pages to users. It caused the traffic to the store to soar by 2000% over average traffic.

In response to the attack, one of Steam's web caching partners deployed caching configuration to minimize the impact on Steam Store servers and continue to route legitimate traffic. A second caching configuration was deployed during the second wave of the attack, which incorrectly cached web traffic for authenticated users. This is what caused some users to see other users' pages.

According to Valve, this would have allowed users to see the billing address, last four digits of their Steam Guard phone number, their purchase history, last two digits of their credit card number, and their email address. That's still a honest bit of information, especially since Valve initially assumed that no real information was seen by other users.

The issue has since then been resolved but it shows rather poor communication from the company, especially since it concerned user data.




Related Article



Please LOGIN or REGISTER To Gain Full Access To This Article