After nearly a week’s radio silence, gaming hub Steam has spoken about the hack it experienced on Christmas Day, reports ExtremeTech.
On December 25, Steam found its servers attempting to handle 2,000 per cent more traffic than usual, the company said in a statement, which the company quickly identified as an attack.
“During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users.”
The Distributed Denial of Service (DDoS) attack managed to reveal details of billing addresses, final digits of credit card numbers, phone numbers and email address of 34,000 users.
Valve, Steam’s parent company has said anyone not using the service at that time hasn’t been effected.
Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified. As no unauthorized actions were allowed on accounts beyond the viewing of cached page information, no additional action is required by users.
Once the company discovered it was under attack, it immediately shut the store down and re-configured its caching configuration. The company has also purged all of the previous data before bringing Steam back online.
The company has said it is still working with third parties to identify the 34,000 users caught up in the hack.
As we’ve reported previously, the site has become a target for hackers, with as many as 77,000 breaches a month.
While Valve has said it’s fixing the issue, it has also warned its userbase that no one is immune from hacking on its platform.
➤ Valve explains Steam’s Christmas Day implosion [ExtremeTech]