STE WILLIAMS

Video game marketplace Steam is leaking people’s personal information – including their payment details and billing addresses – to strangers.

Gamers browsing the online store have found themselves logged into other people’s accounts, revealing strangers’ profile settings and other sensitive details, such as addresses, PayPal account information and bank card numbers.

The support forums and other boards are chockablock with complaints as players pile into Steam for the holidays.

Screenshots of the security cockup are appearing on Twitter:

I can confirm that: Steam gave me access to another person’s account with credit card info and purchase history pic.twitter.com/IzhE4M5sme

— Steam Spy (@Steam_Spy) December 25, 2015

I can access people account pages on steam, including E-Mail, PayPal… pic.twitter.com/yhEomyDir9

— 混沌的隊長 (@CaptainChaotika) December 25, 2015

I guess if I hated this @steam_games user, I could remove these licences? pic.twitter.com/hMLrTJYu3d

— Colin Kringle (@afreak) December 25, 2015

Given this started happening in the past few minutes on Christmas Day, surely Half-Life developer Valve – Steam’s overlord – didn’t deploy a change over the festival weekend?

.@steam_games In our datacenter we have an emergency power-off button. Just an idea.

— SecuriTay (@SwiftOnSecurity) December 25, 2015

To those people wondering why Steam hasn’t pulled the plug… Jeez, you can’t do that, gamers would then have to talk to their families.

— Adi Kingsley-Hughes (@the_pc_doc) December 25, 2015

We’ll update this story as more details come in. If you can access your own account, removing your payment settings would be a good idea. Perhaps the leak is being caused by a web caching screwup, or bungled handling of cookies – if you have any ideas, drop us a postcard, please.

A spokesperson for Steam was not available for immediate contact. ®

Sponsored:
Simpler, smarter authentication

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2015/12/25/steam_snafu/