Friday, January 15, 2016

Steam finally explains why private data of 34,000 users was exposed on Christmas

The Great Steam Outage of Christmas 2015 is over, and Valve Software is ready to explain why the private data of nearly 34,000 users started appearing in other people's Steam Store searches.

The company's announcement directly addresses how much of your sensitive data was exposed, confirming that, in keeping with earlier reports, the potential damage was minimal. User data was only exposed for those that made purchases or visited their account pages, and the most sensitive details — password, credit card numbers and so on — were not visible.

Here's Valve's full explanation:

On December 25th, a configuration error resulted in some users seeing Steam Store pages generated for other users. Between 11:50 PST and 13:20 PST store page requests for about 34k users, which contained sensitive personal information, may have been returned and seen by other users.

The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.

If you did not browse a Steam Store page with your personal information (such as your account page or a checkout page) in this time frame, that information could not have been shown to another user.

Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified. As no unauthorized actions were allowed on accounts beyond the viewing of cached page information, no additional action is required by users.

The "why" is a little more complicated.

The whole thing started with a distributed denial of service (DDoS) attack, a brute force form of Internet vandalism that attempts to bring down one or more systems by overloading their bandwidth with a deluge of incoming traffic from many sources. Valve notes that during the attack, Steam traffic increased 2,000% over the average during the annual Steam Holiday Sale.

To fight back, Valve worked with a Steam web caching partner — web caching temporarily stores data to reduce the server load — to mitigate the effects of the DDoS on the user side. By temporarily filing data in an easy-to-access location, people shopping in the Steam Store would see less lag.

Unfortunately, the code that was used to file the information during the second wave of the attack was bad in some way, leading to authenticated users' information being filed away incorrectly. The result: Some people were fed pages of content that actually belonged to other users.
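The article does not say what the faulty caching rule actually was. As an added illustration (not Valve's or its caching partner's code; every name, path and value is constructed), this sketch models one common form of the failure class: a shared cache that keys on the URL alone and stores a per-user page, next to the same cache honoring a conservative storage policy.

```python
# Added illustration; not Valve's or its caching partner's code.
# All names, paths and sample data below are constructed.

def origin(path, session_user):
    """Stand-in origin server: /account renders per-user data."""
    if path == "/account":
        body = f"billing page for {session_user}"
        return {"body": body, "headers": {"Cache-Control": "private, no-store"}}
    return {"body": "storefront", "headers": {"Cache-Control": "public, max-age=60"}}

def may_store_shared(request, response):
    """Conservative rule for a shared cache: store only anonymous-safe responses."""
    directives = {d.strip().lower().split("=")[0]
                  for d in response["headers"].get("Cache-Control", "").split(",")}
    if directives & {"private", "no-store", "no-cache"}:
        return False
    if "Set-Cookie" in response["headers"]:
        return False
    # A request carrying credentials is cacheable only when explicitly public.
    if request.get("cookie") and "public" not in directives:
        return False
    return True

class SharedCache:
    def __init__(self, honor_policy):
        self.honor_policy = honor_policy
        self.store = {}

    def fetch(self, path, user):
        request = {"path": path, "cookie": f"session={user}"}
        if path in self.store:              # cache key is the path only
            return self.store[path]
        response = origin(path, user)
        if not self.honor_policy or may_store_shared(request, response):
            self.store[path] = response["body"]
        return response["body"]

def second_visitor_sees(honor_policy):
    cache = SharedCache(honor_policy)
    cache.fetch("/account", "alice")        # first visitor warms the cache
    return cache.fetch("/account", "bob")   # what the next visitor receives

if __name__ == "__main__":
    print("misconfigured: ", second_visitor_sees(False))
    print("policy honored:", second_visitor_sees(True))
```

With the policy ignored, the second visitor receives the first visitor's account page; with it honored, the per-user page is never stored while the public storefront still is.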

The Steam Store shutdown was an intentional act that Valve took once it became clear what was going on. The downtime gave the Steam gatekeeper and its web caching partner time to address the error and make sure it wouldn't be repeated.