Over the holiday season, Steam experienced numerous issues; some still present for a large number of users. On Christmas Day the service went offline unexpectedly, with no statement from Valve regarding the outage. The service later came back online, but due to a serious caching error, personal user information was publicly displayed to random users. Valve has now confirmed that the Steam store was subject to a DDoS (Distributed Denial of Service) attack on December 25th, that lead to the various issues and outages.
In response to the fiasco, Valve quickly took down the entire Steam service until the caching error was resolved. Intermittent issues are still present, affecting the distribution of verification emails, navigating the store and general connectivity. Currently multiple hacking groups have claimed responsibility for the attack.
In an official statement, Valve shed light on the main cause of the Christmas Day escapade.
Early Christmas morning (Pacific Standard Time), the Steam Store was the target of a DoS attack which prevented the serving of store pages to users. Attacks against the Steam Store, and Steam in general, are a regular occurrence that Valve handles both directly and with the help of partner companies, and typically do not impact Steam users. During the Christmas attack, traffic to the Steam store increased 2000% over the average traffic during the Steam Sale.
Valve continues by explaining that caching rules were used to combat the attacks, but upon a successful secondary attack traffic was incorrectly cached, leading to personal data leakage.
In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic. During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users. Incorrect Store responses varied from users seeing the front page of the Store displayed in the wrong language, to seeing the account page of another user.
Valve clarified that users affected by the caching errors will be contacted, to ensure victims are aware of the data leaked. Steam is in the process of deploying improved caching configurations, to prevent such an attack in the future. While the service is now mostly operational, it has brought cyber-security into the spotlight once again, in the midst of various data breaches over recent months.
Source: Valve via Tech Insider
22 Comments - Add comment