BreachExchange mailing list archives
Why The Christmas Steam Debacle Is Worth Talking About
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 28 Dec 2015 18:34:01 -0700
http://www.inquisitr.com/2663630/why-the-christmas-steam-debacle-is-worth-talking-about/

When Steam went down on Christmas, many people just took it as par for the course. Steam, among other online services, typically takes massive hits on Christmas with people opening new consoles, PCs, or currency cards to spend. However, while hackers typically bring down the Xbox Live and PlayStation Network services on Christmas, Steam has normally stayed pretty stable. However, many consumers logged into Steam on Christmas to find other consumers' information instead of their own.

When Xbox Live and PlayStation Network go down, typically that’s it — they simply go down. The services just cease to work while the companies behind them try to bring them back online. However, when Steam went haywire, which, as the Inquisitr previously reported, was a caching issue, it did more than just “go down” or “stop working” for users. Steam’s issue put actual user information at risk by making it visible to people across the globe.

Valve, which owns and operates Steam, made a statement regarding the issue hours after it was ongoing, which has been relayed by Kotaku.

“Steam is back up and running without any known issues. As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.”

Steam, to their credit, brought the store down, making it so that users could not purchase new games under someone else’s account. However, consumers could still see users’ personal information, such as emails, account balances, and possibly credit card/PayPal information. This kind of breach is not like what is seen with Xbox Live or PSN.

The fact that the issue made personal information available to any user, randomly, is an incredible breach of security, one that should not go unchecked. Many users panned the issue, stating that it’s not a big deal because they don’t pay for Steam’s services, or that this rarely happens to the PC storefront. However, the fact that the company is responsible for housing and protecting consumers’ personal data is just as much a reason to hold Steam to the same standard as Microsoft, Nintendo, and Sony.

Steam’s unwillingness to admit there was a problem at first, and their nonchalant attitude towards consumers by offering no actual support or updates until after the issue was resolved, left many wondering just how much damage control they were going to be required to do on their personal accounts. The fact that the Steam Support Twitter feed, a supposed source of information in times just like this, was completely unresponsive during this time further exacerbates the issue. A fan-run Twitter account, SteamDB, was more helpful and responsive to user inquiries at this time than Steam even was.

It’s an issue of a company that has so many users and millions of dollars funneling into their system and bank accounts that quality — and exemplary — customer service is unnecessary. Steam houses more users than Xbox Live or PlayStation Network, and as a result their need to please everyone is offset by the fact that people simply continue to spend money, especially with insane deals going on like the current Steam Winter Sale.

Issues like this cannot be let to rest simply because they are resolved. Steam had a massive security breach, one that put a lot of user data at risk. Steam themselves did nothing to assuage the fears of its consumers. The issues that occurred as a result of the Steam caching issue were more concerning than the service simply being down, but one that could have had massive ramifications had not Steam been brought down by Valve.

And for any company to simply pan the displaying of user information to other users is a shame, especially one as well regarded as Valve’s Steam service.