Security

Gaming souk Steam spews credit card, personal info in Xmas Day security meltdown

Who deploys code changes on Dec 25th?

Half-Life

Updated Video game marketplace Steam is leaking people's personal information – including their payment details and billing addresses – to strangers.

Gamers browsing the online store have found themselves logged into other people's accounts, revealing strangers' profile settings and other sensitive details, such as addresses, PayPal account information and partial bank card numbers.

The support forums and other boards are chockablock with complaints as players pile into Steam for the holidays.

Screenshots of the security cockup are appearing on Twitter:

Given this started happening in the past few minutes on Christmas Day, surely Half-Life developer Valve – Steam's overlord – didn't deploy a change over the festival weekend?

We'll update this story as more details come in. If you can access your own account, removing your payment settings would be a good idea. Perhaps the leak is being caused by a web caching screwup, or bungled handling of cookies – if you have any ideas, drop us a postcard, please.

A spokesperson for Steam was not available for immediate contact. ®

Updated to add on December 26

Steam is back up and running again after shutting down temporarily to fix its privacy snafu. The Register understands the cockup was triggered by a configuration tweak on December 25th – a super busy time of the year – that backfired and led to profile page caching issues.

Sponsored: Accelerated Computing and the Democratization of Supercomputing