Valve has finally gotten around to explaining what happened to Steam on Christmas day. The gaming service experienced what appeared to be a caching issue and began showing users accounts belonging to other people. According to the recently released statement, the problem was much more severe than expected; although it doesn’t seem to have done any lasting damage to anyone.
The statement published to the Steam Community explains that Steam was targeted by a Denial of Service attack which attempted to stop the service from showing pages to users. Valve is generally prepared for this sort of occurrence, and Steam automatically launched countermeasures to deal with it.
“In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic. During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users.”
Steam was back online after about an hour and a half, which is a considerably speedy response for a problem that happened on Christmas morning where most employees would be at home. At the moment, Valve has reiterated its point that no unauthorised transactions took place as a result of the caching error; although it is looking to work with its partners to identify which user accounts became exposed.
[Source: Steam Community]
