Amidst its big winter sale, Steam battled with issues that appear to have put numerous users' personal data at risk. While hackers claimed an attack on the California server of the online gaming platform, it was neither a hack nor a DDoS (Distributed denial-of-service) attack but errors caused by caching.
While gamers around the world logged into Steam Store to make purchases during a winter sale that ends on 4 January, the site threw up numerous errors and displayed a language different from the user's preference. Despite being signed into their accounts, users saw details of others.
Steam Database confirmed via Twitter that Steam was facing caching issues that caused users to view account details of others. It also asked users not to use Steam Store.
It later said the issue was resolved. In a statement to GameSpot, Valve said: "Steam is back up and running without any known issues. As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users."
According to a theory put forth earlier by Steam database in a blog post, a caching misconfiguration in one of Valve's layers caused Steam to incorrectly serve rendered and cached pages intended for a single user. Valve uses Akamai for its content delivery network and Varnish for caching.
Users' personal information such as email and billing addresses, and sometimes credit card details were seen at risk. But the information is read-only and nobody would be able to perform any action on another's account.
It has warned those using PayPal, urging them to unlink their accounts. Users can do this by logging on to PayPal and going to settings and pre-approved payments under payment options.