Do NOT login to any Steam websites! Caching Issues

This was an instant alarm bell for me as soon as I saw the pricing of games switch from dollars to pounds and then to euros.
 
They've pulled the plug by the look of it... should have done it an hour ago though, xmas day or not. :mad:

I've seen details of two different accounts, neither belonging to me.

Not sure if people were able to buy games using accounts not belonging to them. You could definitely modify account details if you wanted to.
 
Yeah the store is down and I haven't been on since yesterday so at least my details won't have been cached for someone else to view. We should still be able to play games online shouldn't we?
 
Here's a quote I found on PC Gamer that might make things a little clearer.

It's a problem with their caching server (Varnish), caching pages that should not be cached (such as Account-Details, Cart, etc.). It invalidates after some time and is re-cached when the next user visits the page with their profile. You are not actually logged in (as in, you take over the session of the user), you just see pages rendered for others than yourself. This is why different parts of Steam appear as different users.

Which page you see is probably dependent on the edge node (first server you connect to) closest to you, hence why different users see different profiles.

My guess as to how this could've happened is that an untested configuration got activated when Steam went down earlier, e.g. due to an auto-conf service (Puppet, Chef) pulling an untested config or some of their live servers being replaced by staging / development servers. It's also possible that they were under heavy load and the engineer on duty reconfigured all their edge nodes to cache more aggressively.

Let's hope they fix this fast, because this is a major data leak. I can see private E-Mail and account names. Let's hope their cache server is not delivering internal pages.

Credit to: /u/mrallon
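As an added illustration of the failure mode the quote describes (not part of the original thread, and not Steam's code): a small Python audit that flags responses for personalised pages which a shared cache such as Varnish would be allowed to store. The path prefixes, header values and sample responses are constructed assumptions.

```python
# Added example: flag personalised responses a shared cache could store.
PERSONALISED_PREFIXES = ("/account", "/cart", "/checkout")  # assumed paths

def parse_cache_control(value):
    """'public, max-age=60' -> {'public': None, 'max-age': '60'}"""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def shared_cache_risk(path, request_headers, response_headers):
    """Return reasons the response is unsafe in a shared cache ([] if none)."""
    req = {k.lower(): v for k, v in request_headers.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(resp.get("cache-control"))
    personalised = (path.startswith(PERSONALISED_PREFIXES)
                    or "cookie" in req or "authorization" in req
                    or "set-cookie" in resp)
    if not personalised:
        return []
    if "no-store" in cc or "private" in cc:
        return []  # origin forbids shared storage; the edge must honour it
    reasons = []
    if "public" in cc or "s-maxage" in cc or "max-age" in cc:
        reasons.append("explicitly cacheable: " + resp["cache-control"])
    else:
        reasons.append("no private/no-store; a forced edge TTL would cache it")
    if "set-cookie" in resp:
        reasons.append("Set-Cookie would be replayed to other users")
    vary = [v.strip().lower() for v in resp.get("vary", "").split(",")]
    if "cookie" not in vary and "*" not in vary:
        reasons.append("no Vary: Cookie; one copy is served to every session")
    return reasons

# Constructed sample responses: (path, request headers, response headers)
SAMPLES = [
    ("/account/", {"Cookie": "session=abc"}, {"Cache-Control": "public, max-age=300"}),
    ("/account/", {"Cookie": "session=abc"}, {"Cache-Control": "private, no-store"}),
    ("/static/logo.png", {}, {"Cache-Control": "public, max-age=86400"}),
    ("/cart/", {"Cookie": "session=abc"}, {"Set-Cookie": "cart=1"}),
]

if __name__ == "__main__":
    for path, req, resp in SAMPLES:
        print(path, resp, "->", shared_cache_risk(path, req, resp) or "ok")
```

Origin headers only help if the edge honours them; a cache configuration that forces a TTL regardless of Cache-Control bypasses this check, so the same comparison is worth running on responses fetched through the cache with two different sessions.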
 
They've pulled the plug by the look of it... should have done it an hour ago though, xmas day or not. :mad:

I've seen details of two different accounts, neither belonging to me.

Not sure if people were able to buy games using accounts not belonging to them. You could definitely modify account details if you wanted to.

I didn't know you could modify details, but viewing them alone is bad enough. Surely a company should have a contingency plan for problems like this? The faffing around seems like they have their legendary customer services team on the case...
 
I logged in and back out around 6pm, was fine, won't be going back in till it's sorted now though, and luckily, I don't have my card details saved.
 
I can imagine some poor sys admin getting the omg the system is down call mid way through Christmas dinner.

Taking the site down is probably the most sensible approach at the mo until they sort it out. Perhaps it was the temp pushing a new config to all the servers to reduce the server load lol *cache all the things*.
 
This is a serious breach of personally identifiable data. The fallout over this won't be small. Although I do feel sorry for their staff on this day of all days.
 