Steams down...

[Macman]

Extract:-

Disclaimer: Steam Database is not affiliated with Valve in any way. We are a community run website.

An hour ago, Steam users started seeing incorrect information on the Steam Store, as if they were signed into someone else's account.

There is no official confirmation from Valve yet, so we can only speculate as to why this issue happened. Valve is known to use Akamai as their CDN and Varnish for caching. Our theory is that a caching misconfiguration in one of these components has caused Steam to incorrectly serve rendered and cached pages intended for a single user only.

This issue means that users’ private information such as email address, billing address, and sometimes credit card details are at risk. As far as we know, this issue is read-only, and no one is able to perform any actions involving your account on your behalf.

To protect yourself, we strongly recommend completely avoiding visiting any Steam store links. This includes visiting the Steam store using the Steam client.

This is not a hack or a DDoS attack. This is highly likely to be a misconfiguration in one of Valve’s caching layers.

At the time of this writing, the Steam store is inaccessible. We can only assume Valve is currently working on fixing the issue.

If you used a PayPal account and had the details saved, you can unlink your account by logging on PayPal.com and going to Settings and Preapproved payments under the Payment options heading.

Going forward, we strongly encourage you not to store your billing information on the Steam store. Valve have proven multiple times that they’re unable to keep their security standards to a high level.

[scaryjim]

Steam's been down pretty much all day. I suspect there are a lot of frustrated gamers out the this Christmas...!

[watercooled]

Yeah I wish Steam wouldn't have the option to store your payment details ticked by default; I've never deliberately chosen to store them (and come to think of it I can't even remember not un-ticking it TBH) and yet it's linked.

I signed in earlier and saw someone's email address, wallet value, etc - in their case they hadn't stored a phone number or any payment details though.

I could be mistaken but I seem to recall this exact thing or something very similar happening a while ago? It's really quite laughable that Steam are pushing people to install their mobile app (rather than the 'standard' option of something open like Google Authenticator, like Origin does) for 'increased account security', and yet some huge error on their behalf just exposes customer data without anyone even putting the effort into hacking.

[The Hand]

When I tried to log-in yesterday the game prices were showing up in Canadian dollars for me. I've deleted my credit card details off steam, it was probably silly of me to leave them on there in the first place. They still don't have Steam app for Windows Phone, so for this "enhanced" security I'm using an Android emulator BlueStacks for the Steam app code business. Newell still has an axe to grind as far as Microsoft is concerned.