Christmas Day was not great for Valve.
Once the presents had been opened and the stockings de-stuffed, thousands of gamers tried to log in to Steam ... only to find someone else's account information staring back at them.
It wasn't just a glitch, it was a major security breach — if you were logged into someone else's account, you could see all of their personal information. Payment methods, addresses, wallet balances — it was all there, no restrictions.
Thankfully, the breach didn't last long, and there don't seem to be any major problems lingering on. Valve fixed the problem, explained what happened and continued on with the Winter Sale ... except that Valve didn't explain what happened. In fact, Valve didn't say much of anything — the studio didn't even announce that the store had gone down. Only now, five days after everything went down, has Valve issued a statement.
If you were hoping for a sincere apology, well ... at least Valve finally said something, right?
"On December 25th, a configuration error resulted in some users seeing Steam Store pages generated for other users. Between 11:50 PST and 13:20 PST, store page requests for about 34k users, which contained sensitive personal information, may have been returned and seen by other users.
Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified."
Basically, the only new information here is just how many people were affected ... and it's not good. 34,000 people is more than some states' entire populations — and while it's impossible to know exactly how many breaches actually took place, the fact that more than 30,000 users could have had their information accessed at all is astonishing.
Further along in the update, Steam confirmed that it was essentially a side effect of precautions against attacks on the store. Valve was busy dealing with the second wave of a Denial of Service (or DoS) attack — and while the attack itself didn't cause any damage, an error in getting the store back up and running normally resulted in the breach that users dealt with on Christmas.
So, what does this mean for Steam? Nothing, really — the store is back up and running, and the Winter Sale continues on like nothing happened. Valve has promised that it'll be contacting those who were affected by the breach, but any further actions remain a mystery, and it's safe to assume that Valve has taken the proper measures to ensure that this doesn't happen again.
Granted, it's good to know that the attack wasn't as bad as everyone first thought ... but hopefully, Valve will be a bit more forthcoming with this sort of information in the future. For a company as big as Valve, it shouldn't take five days to properly inform its users that their information was at risk.
You can read Valve's full statement here.