This past Christmas, Valve encountered a huge snafu when an error in a partner’s caching configuration temporarily caused users of game platform Steam to log into each other’s accounts. Although purchases couldn’t be made, there was plenty of personal information visible — including billing addresses — that could have been dangerous if put in the wrong hands.
Today, users will finally know if their accounts were compromised in the Christmas hack…months after it happened. In an email to potentially affected users, posted by The Verge, it seems that Valve was able to isolate some details:
If you accessed the Steam Store between 11:50 PST and 13:20 PST on December 25th, your account could have been affected by this issue. If you did not use the Steam Store during that time, your account was not affected.
New York, are you ready?
We’re building Momentum: an all killer, no filler event this November.
If you received this email, there’s a chance that your address, as well as identifying information regarding your billing address, phone number, as well as the last few digits of a credit card or a PayPal email address. Valve estimates the attack affected 34,000 users.
In some ways, users have come to accept that hacks on Steam happen — Valve itself admitted to hacks occurring for roughly 77,000 users every month. But it’s very late for someone to be concerned about what happened to their account over Christmas, a time when several people were logged on to participate in the platform’s semi-annual sale. If any damage could have been done, it likely already has.
In any case, it’s a helpful reminder to keep your 2-factor authentication turned on. Seriously.