maybe rude and obnoxious people would learn from this, and go back to these threads to apologize with users they treated like idiots for saying it was a ddos attack. ;)
http://www.steamgifts.com/go/comment/PCNdsj7
http://www.steamgifts.com/go/comment/eZwwtpX
but probably won't move a finger, because they are always right
Comment has been collapsed.
Well, to be fair, as I understand it, it wasn't a direct result of the ddos attack, but a screw up in the solution.
Comment has been collapsed.
but it was an attack from what i read. do i understand something wrong.
Comment has been collapsed.
The way I recall, we said it's not from the DDoS attacks… as it wasn't, it was a response gone bad for that attack. You could argue it was an indirect cause, but it was not a direct cause.
Comment has been collapsed.
The ddos isn't the direct cause, it's what made them use the shitty way of caching pages. A ddos itself isn't going to make pages cache improperly.
Comment has been collapsed.
i was the one who answered to that first comment you posted. could you please tell me, where exactly i treated anyone as an idiot?
i am not always right, but at the point of comment, there was no confirmation for a DoS attack. in fact, the sources we had said it probably isn't. so if you ask me, going on the forums and claiming it was one, when we don't even know that for sure, is also not exactly the right thing to do. ^^
Comment has been collapsed.
there wasn't confirmation about anything official at that point, only the guys from steamdb.
i didn't target you with the links to those comments, i just dislike when someone says "x could have happened" and everyone dismiss his opinion instantly because they don't agree with him.
(●´ω`●)
Comment has been collapsed.
right, there was no confirmation at all. and the guy didn't say an attack could have happened, he implied an attack was fact at that point. which it wasn't. so i feel there had to be some kind of reaction/correction to that post. but i agree that no one should every be attacked for a personal opinion. this happened in the second thread you posted, and that was not cool. but the first one - i only see a more or less neutral discussion there. :)
Comment has been collapsed.
the first one was civil discussion, the second is the one that made me reply here :3
Comment has been collapsed.
absolutely right. i was just a little confused that you posted the comment i replied to. wasn't aware of having done anything wrong. ^^
Comment has been collapsed.
Only saw your comments here now, replied to you in the other discussion, like Mullins said, it was civil, at least between you and me, either one could be wrong or right and I learned something's new, that's why I wished you a happy new year!
Comment has been collapsed.
The group of "hackers" that did the ddos said it on reddit (latter on, they deleted the post), was something like, what a shitty ddos protection valve has
Comment has been collapsed.
You're asking for humility and manners on the Internet. I'm afraid you won't have these, but it's nice to see people who still have those values in mind.
Comment has been collapsed.
It wasn't the ddos attack itself which did course the issue though It was steam stuffing up trying to apply a solution to reduce the effects of a ddos attack
Comment has been collapsed.
That took them awhile. Well, better late than never!
Comment has been collapsed.
Its mostly for users that were affected to be aware that they were affected. That way those users are given the option to change some settings around or keep them the way they were.
Comment has been collapsed.
So that they can decide whether it's worth their time to file a lawsuit. :D
Comment has been collapsed.
"During DDOS attack, traffic to the Steam store increased 2000% over the average traffic during the Steam Sale. "
there was a huge ddos attack.
Comment has been collapsed.
so they lied to us, they have told us it was not an attack. now i have to change my paypal email to stop receiving money requests from random people. how nice steam.
Comment has been collapsed.
Sorry about that, so far for me there were simply few posts on my wall.
Comment has been collapsed.
They never said it was not an attack, Valve Didn't say anything just this on the 25 december
"Steam is back up and running without any known issues," we were told via email. "As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users."
Comment has been collapsed.
That email was send from Valve to Gamespot on the 25th. It's a quote from the Gamespot article.
http://www.gamespot.com/articles/steam-issue-allowing-access-to-other-users-account/1100-6433371/
Comment has been collapsed.
Nothing was hacked, your info is probably fine. Your paypal email should be safe as long as you never visited that page during the caching error. If you never went there it was never used as a cache page.
All this was, was a bad response to a ddos attack, a ddos attack doesn't expose personal info. All it does it slow servers down.
Comment has been collapsed.
Well better to get spam than to get your credit card info stolen I guess
Comment has been collapsed.
And their forums aren't working. WTG Valve you piece of crap billion dollar company.
Comment has been collapsed.
We apologize to everyone whose personal information was exposed by this error
"And if your personal information is used in some malicious manner somehow, we are also sorry. You are also shit out of luck, because we don't actually care, but saying sorry is at least free. For us."
Comment has been collapsed.
It's more like the payment info. Still, Valve is rather lucky that the US just saw the release of similar personal information of 191 million people (minus a few million dead ones who usually get stuck in such databases for decades), so that will immensely overshadow this one.
Comment has been collapsed.
you need to read it exactly
Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified
you can be sure they try to clear this with a cheap csgo game would not be the first time they do that if you acept that the problem is solved
Comment has been collapsed.
Yeah, more than likely. Like how Sony tried to poke the eyes out of the compromised PSN users with what, a few ten-dollar games, or something? I remember that it had a pathetic value.
Comment has been collapsed.
Well I'm sure if you guys have a time machine you could loan it to Valve so they can go back and prevent it from having happened. Just a few ten-dollar games? Well jeez they should have totally offered at least five sixty dollar games. And what's up with people giving reviews of 75 when it obviously deserved a 90 or more, boycott! Pathetic. Awful. Useless. Smelly. Undercooked and a little dry.
Sorry but when people start down this bluster-powered railroad I can only facepalm. You're grousing because they gave an apology, and then layering it with bitterness on the belief they might actually give something to hopefully tide over any soreness? Yeah, it's not a happy situation, but jesus the over-reaching. You'll make a fierce in-law with character assassination like this, heh. Instead of building strawmen, it always helps to keep it on a more constructive track.
Compare Valve / Steam to other similar platforms, evaluate their performance based on this.
Consider their response and where they could have reasonably done better (and worse).
Hold them accountable for what they actually did and said, not what you can pretend they secretly think and do.
If it is found lacking enough, consider the legal and technical side. Is it Valve, the law, technology, or gaming in general where the core flaws can be found?
What would the best way to pursue positive change be?
Comment has been collapsed.
Just a few ten-dollar games? Well jeez they should have totally offered at least five sixty dollar games.
No, not that. It's about at least trying to offer the wronged party something in compensation that may at least be on par with the damage… and knowing your credit card number, CVV, address, and full name really falls into the "high damage" category. Not just some press release that we are sorry and it won't happen again, like if you are a 5-yo child doing some paltry prank and not a multi-billion dollar conglomerate. (Not to mention that in Sony's case they were hacked again a few months later with the same method, showing how much they actually cared: they tasked someone to release a press statement, and that was all they did about the entire matter.)
To put it in perspective: Imagine if you are a lawyer or doctor with a private practise and the folders of your customers suddenly end up on the public internet. Could you get away with saying everyone "okay, I'm sorry, it won't happen again, okay" and continue your practise the same way?
The answer is yes, if you were the only lawyer/doctor in the region. But if you were not, your entire clientèle would be at the competition within weeks.
Comment has been collapsed.
For this to be the case, they would have to determine the damage. The vast majority have not taken ANY 'damage' beyond a scare. Consider exactly what was leaked.
While it could have been potentially catastrophic, it wasn't. Nobodies credit card number was leaked (it is censored except for the last digits) and I'm pretty damn sure that no CVV was leaked given it isn't stored . Last I checked, what they got was address, name, email associated with account / paypal, steam purchase history, current steam wallet funds and a peek at whatever the user had stashed in their basket waiting for checkout. If it were a case of actual financial account details or card validation information, gaming news media would have exploded, and steam would be facing a genuine massive legal issue and it wouldn't be a matter of giving 'pathetic ten-dollar games', but paying for actual accrued damages and likely facing further punishment as a company.
Valve is not Sony. However yes, if a company doesn't learn or make adjustments after such a leak, they yeah they deserve criticism. Being angry at Valve for trends in how other companies handled previous situations is a bit silly. Expecting 'compensation' for a zero-damage scare, and being actually angry at what they might offer before such a thing is even mentioned is a whole different layer of silly.
And perspective? With that example, not really.
There is a huge difference between a doctor or lawyer having client details leaked, and a worldwide retail store having name and address leaked. For one, medical and legal issues are confidential for a reason, whereas name and address is often archived and available for access for indexing services and even public access depending on where from. While the amount of cash you have attached to your steam wallet and what games you buy still fall within 'sensitive data', they are nowhere near as critical as medical records or legal/criminal matters.
By all means, be disappointed. Be frustrated. Hell, be angry. But keep it proportional, keep it in context, and keep it lucid. The way a surprising number of people are reacting right now isn't out of a rational frustration about their details. When you look at the comments you can see most people are just looking for something to vent about and get swept up in the grouching bandwagon, immediately joining the chant of 'compensation!' to the tune of "I am the customer I am always right!". I would be more inclined to agree with people if they were keeping perspective. This was a caching error. It's a stretch to even see it as a 'close call' because they had the foresight to ensure certain things are censored and not stored just for worse-case scenarios such as these. Instead, my main urge is to tell people to "get a grip", and perhaps remind folks that if they find the service to be so unacceptable, the power is entirely in your hands to use other services for your future purchases, and also to pursue whatever legal action / arbitration / whatever that you feel is necessary. If any individual does find that they have been damaged as a result of this, then I would completely be behind them entering talks with Valve and consulting with a legal professional.
Comment has been collapsed.
Yes, it is massively overreacted, but often because it was just the thing that reached the boiling point at people. Valve's practise towards its customers is getting beyond mid-2000s Electronic Arts bad. The ways they essentially force people to give them their phone number and use their app, even though it is not even accessible by everyone, the legendarily horrible customer service, the escrow, the way almost every country is getting to be a separate region… or, in shorter terms, how we had 3-4 days consecutively where their servers were fucked in one way or another, and only one day of this was because of external issues. And yeah, people are getting fed up, in various amounts, with Valve, especially when if we consider such small things that every season sale brings the same slow-downs and outages happen, despite them having literally hundreds of millions of dollars in profit after tax to buy new server parks. Or support personnel. Or anything.
Comment has been collapsed.
They don't force you to give the number. The only penalty is a trade delay / escrow, and while this is annoying, it is also in a system where people were also constantly angry about getting scammed. People are now angry they're adding new security measures. Yes, they might not be the best measures, but this has seriously turned into a "damned if you do, damned if you don't" situation.
Servers being sluggish during massive sales is no new thing, and again, while frustrating, does not warrant rage. Frustration? Sure. "OMG Valve so bad"? Not really. Hating a company because their storefront suffers during massive usage is silly. Grouching? Sure. Bandwagoning about how bad the parent company is, while still opting to use their services and with no intention of changing? Heh. Again, my urge to just say "get a grip" is awaiting.
Okay, as for the separate regions? That's might potentially be an issue worth getting pissed about, though I really don't know much about the whole deal. I do know that companies are often slave to certain factors when it comes to regional pricing, but if they are creating price differentials where they aren't required to, that would raise eyebrows. After the constant and systematic abuse of cross-region key harvesting, I can at least see why they would try a more heavy-handed approach to staunching the flow. It'll suck ass not to be able to gift things to online friends across certain borders, but I can't really comment on that as I don't really have my finger on that particular pulse. Though it's food for thought that even on places like this, we occasionally have threads all too happily announcing some cross-region site offering an expensive game for <$5 if you use spoofing services to let you buy it.
Digital distribution stuff is still evolving. Steam is the largest platform AND have a marketplace that allows users to turn a profit not only from trading in games but also in digital content for within those games. On top of this they have huge sales and cater to a global community (though their performance towards certain countries has been lacking). I can only imagine this is one hellish thing to moderate, and with Steam being such a hub of activity it is only natural that they would be more likely to try new measures, and by that simple fact they are also likely going to be the first platform to fumble too.
I'm not even trying to say Valve / Steam are perfect, but the amount of shit they catch is disproportional to the mistakes they make. Criticism is definitely always a great thing to have, but beyond a certain point it turns into a lot of piss and vinegar being thrown just for the sake of catharsis. Realistically, how loud of an outcry is required for the APOLOGY of the caching hiccup? Does anyone even realise how this effects the voice of the userbase? If every mistake or inconvenience or even apology results in outrage, then if Valve ever makes an actual serious mess-up, the backlash will look exactly the same as what they get for a minor non-issue. It stops being outrage and starts being average response (think of youtube comment gutters, for an example).
I guess I'm just disillusioned and hoped people could be more sober, even in their criticism. Tantrums get nothing, but the more critical and lucid insight that gets worded maturely (and then followed by people voting with their wallets)? That's more likely to get a response than just make them numb to what amounts to angry radio static, y'know?
Comment has been collapsed.
So, they apologize the same day but only a couple of hours after the Total Biscuit call them on not apologizing? Not weird at all.
Comment has been collapsed.
They aren't really known for their keen marketing and PR instinct. :)
Comment has been collapsed.
I really don't understand how can valve operate such a shit level regarding support, PR and communications. It's just absurd.
Comment has been collapsed.
Probably cornering the digital distribution market at a good time helps with it. Plus they are more or less still live on the fame of some of their old games. Which somehow translates for many users as they are a good distributor. For reasons. (I mean if the chief argument of Apple users is that iOS is a good operating system because iPhone is slim and looks good– not joking and even heard this shit during an actual company presentation early December–, then having a decent puzzle game with the Portals surely mean they know how to run a digital store, yes?)
Comment has been collapsed.
Or, they could have been waiting until they were 100% sure there was nothing more to the incident which requires some investigating on their end as well as waiting for whoever their "partner" is to confirm as well.
Not saying Valve handled this as well as they could have, but to rush out and say "Everything is fine!" or "Everything is terrible, panic now!" without fully knowing is potentially worse.
Comment has been collapsed.
The incident happened 5 days ago. I could write more but that's all that I will say.
Comment has been collapsed.
During the holidays, when most people have vacation time, while having to collaborate with another company possibly remotely.
I'm not saying they were super fast in responding, because they weren't. I'm also not saying anything about Valve doing the best they can in terms of PR, technical support, and customer support because they sure as hell aren't that much is clear.
But I'm not going to pretend that they were keeping quiet because they didn't feel like addressing it and somehow one guy ranting about it for half an hour changed their minds over the course of two hours as if that is near enough time for them to analyze what happened, when it happened, approximately how many were affected, and whether or not anything else went wrong.
Comment has been collapsed.
... who is total biscuit and why should I know him?
Comment has been collapsed.
The issue occurred because they realised how much they blow and decided to follow this tutorial
Comment has been collapsed.
You could see full credit card numbers + mail + phone number .... also if you have the paypal account "merged" in steam... Also, your real steam username, that its like give half of the work if someone want to bruteforce.... >.<
Comment has been collapsed.
Full credit card numbers?
Do you have a source to go with that, please?
Comment has been collapsed.
it was a SS from a user and he deleted it (because the personal data), the "trick" was trying to buy something with that cache'd account, there you could see the data
Comment has been collapsed.
it was a SS from a user and he deleted it (because the personal data), the "trick" was trying to buy something with that cache'd account, there you could see the data
Comment has been collapsed.
I would consider saying we were ddos'ed after they said they weren't and blaming it on an error on their partners error an apology.
Better than Overkill's apology but really not much better.
Comment has been collapsed.
Wow would have forgotten about it if valve didn't apologise lol. Bad move valve
Comment has been collapsed.
Yeah they really should have apologized within a day or two rather than bringing it up again once the majority of people have started to forget.
Comment has been collapsed.
Yet they don't have any advice to users affected by this issue. I was lucky I wasn't active in that time frame but think of users with their 'total money spent' and email/PayPal exposed. I am quite positive they become a potential target for hackers/scammers. I strongly advise those users to increase their account security level.
Comment has been collapsed.
I don't know if I've been affected. I don't think I was, but... maybe.
Comment has been collapsed.
Somebody might have seen last numbers of my pre-paid card number. (I got one for on-line stores only, currently with under 10 euros on it) No unauthorised transactions were made from it. I just hope that they will give some games in compensation. A choice of two between Witcher 3, Fallout 4, GTA V, XCOM 2, Deus Ex: Mankind Divided, Gun Monkeys and Bad Rats would be fine.
Comment has been collapsed.
Considering I wasn't troubled by [something that clearly wasn't intentional] to begin with, it's odd that I'm dissatisfied with Valve's response-
But the way they downplay the matter ["some" users were affected, "Once this error was identified, the Steam Store was shut down"] is rather taseless, to my mind, given how many users were affected (all? :P) and for a fairly notable time frame.
Comment has been collapsed.
It was a caching error. It could not affect all users because it required users to be actively using the site during the misconfiguration.
Comment has been collapsed.
That's quite obvious.
The topic was affected users, so your comment isn't relevant.
Do read the announcement for the context that's being referenced- even if there's validity to your differing understanding to the more apparent interpretation of the announcement, then that sort of misdirection would only further support the sentiment I'm expressing.
Comment has been collapsed.
Is yours?
"But the way they downplay the matter ["some" users were affected, "Once this error was identified, the Steam Store was shut down"] is rather taseless, to my mind, given how many users were affected (all? :P)"
If it is obvious that you understand and accept that not everyone was affected how is it that you characterize their statement of fact as tasteless?
HERP DERP ASPERSIONS TOWARD THE SOOTH (SAYER).
Comment has been collapsed.
There'd be an asterix if I edited it past the first 2 minutes.
Neither of the above two comments were ever edited, as far as I can recall, however- certainly, that typo'd have been one of the first things I'd have fixed.
I can't make much sense of what you're trying to express, unfortunately.
Comment has been collapsed.
That there is only a two-minute window for editing posts does not necessarily change that what I saw may have been edited, but let's assume poor reading comprehension on my part, shall we? I did edit my above post to remove the baseless accusation, and with a flair you may appreciate. Or not.
I already expressed my feelings about Valve's statement elsewhere in the thread, but since I'm so inscrutable I'll forgive if you forego taking a gander.
But let's try again here.
"Is yours?" was directed at you saying that my comment wasn't relevant. See, that was me responding as if you already had your claws out (meow!) I could be wrong, but I think I saw more evidence of your claws being out in your last reply, because you addressed my statement about the edit, which means you understood that part, and the only other thing I said was:
"If it is obvious that you understand and accept that not everyone was affected how is it that you characterize their statement of fact as tasteless?"
You don't understand that I tasked you with supporting your initial statement? Maybe I threw you off.
You can respond in kind or just bring the claws out again. All good.
Friendly Edit: P.S. "Bring out the claws" is a colloquial phrase. If you're unfamiliar with it, Google may help.
Comment has been collapsed.
:scratches head: No, but it makes it far more unlikely, and as I said, I'm fairly sure I didn't edit them.
But since I'm not even sure what you were trying to point out, I couldn't really say :'P
Non-relevancy is more a matter of fact or confusion of intent, than insult. Else I'd have used words like 'trite' or 'inane' or 'meaningless spamtastic waste of my time'. I did none of those unless they were secretly edited out?! =O.
Bring out the claws would be more suited to being described as an idiom, since I'm not quite sure it's common enough to be considered colloquial.
I'm still not at all sure what you're asking, your grammar is quite confusing for me to follow.
Did none of the comments above or below help clarify whatever it is you're seeking?
Comment has been collapsed.
Let's do some rasslin'. That's like wrestling, only sadder. I wanna rassle you to the ground and give you a pink belly.
Why? Because I want to confuse you. More? Confuse you more.
Let's discuss a meeting location. I see you are located in the United States. I am as well. Let's meet at the projected mean center of the United States population in 2020. It is projected to be in Wright County, Missouri, 8.3 miles north of Hartville. Now, to be honest, that sounds like a dreary place, so you bring crab cakes and I'll bring beer and we'll have a good time.
This is purely platonic, by the way. I'm a mechanophile. Big mechanophile. So unless you're Johnny Five, don't get the wrong idea. If you are Johnny Five, let's bump that meeting up a few years.
Comment has been collapsed.
No, Valve's further limits the affected to those who were trying to actively visiting account pages (instead of the store pages, or community pages) which is why the number is seemingly so low.
Comment has been collapsed.
Yeah, if you tried to look at your account information, or were trying to actually buy a game at that time, then you have some exposure. Otherwise, you shouldn't because the problem being a caching error meant that you never requested pages that could be incorrectly cached and then served up to another user.
I think the biggest problem for most people is it took them five days to even say anything. Misconfigurations and other such things will always happen on rare occasion even if every vendor, service, and site out there always patched every exploit and heeded every security bulletin. It's inevitable. Stuff like misconfigurations happen even at 'mundane' times without any aggravating malicious related or unrelated action (like the DDoS in this case). But silence for 5 days (other than a blurb of a statement to the press)? That was Valve's intentional choice. It's bad, and it shows that Valve's talk of improving their customer service still has a ton of areas to improve in. Valve has always been the sort of company that doesn't like to talk about stuff until they're ready to talk about it, which is why you never hear about what they're doing with a game in development (or even which games are in development), or anything else they don't have to talk about until it actually has to be talked about. Which is their prerogative. But a misconfiguration that exposed and confused users? Say something. Say something the same day. To the users. On your site. "Oops, there was a misconfiguration, we're sorry, we're looking into it, we'll let you know more later, we got your fucking back." You give some preliminary information and say you will be more forthcoming after an investigation.
But that's just me. Other people are upset by other stuff like the statement itself. To each his/her own.
Comment has been collapsed.
34.000 Users compared to the total users it is a relative low number. RELATIVE.
Comment has been collapsed.
Not if the total number of users was 50k.
Keep in mind the phrasing in the announcement is in reference to affected users, which they clarify clearly at once point when they detail the differing 'symptoms'.
They clearly tried to downplay how many active users were affected.
Couldn't care less about total ratios (as it relates to this), since that's not relevant to the insincerity of their phrasing.
Comment has been collapsed.
It's okay, InvasorKazz. Sooth knows the number of affected users at that time was quite large relative to the active users and even if it wasn't a large proportion, Valve was insincere in their statement and tried to minimize the affect of the whole thing, so let's share Sooth's mild outrage about Valve's statement.
Personally I'd rather be disappointed with Valve for taking almost a week to inform their customers of anything relating to the caching error rather than getting upset that their fairly informative statement about what, how, and when it happened; what aggravating factors there were; their estimate of affected users; and the necessary actions performed to have been an affected user.
Comment has been collapsed.
so let's share Sooth's mild outrage about Valve's statement.
I'd have phrased it more as 'mildly miffed', outrage of any level is an exhausting investment :P
I totally agree with everything else you said- even just a single quick emergency announcement would have gone a long way.
The entire atmosphere they're presenting toward it just feels a bit wanting in sincerity, concern, and responsible reaction.
Then again, it isn't as though Valve has the best history of conduct towards its customers up till now, either. Of course, in fairness, the response we did get was more detailed and respectful than some other companies would have given us, so it isn't totally negative, either.
Comment has been collapsed.
Don't try to make me love you. My heart is too small.
Comment has been collapsed.
And where is the free $10 Steam Wallet for everyone?
Comment has been collapsed.
If I read it right they're still figuring out which users had information exposed. I'd guess only those people might get something.
Comment has been collapsed.
Make up your mind, is your information precious enough that Valve are horrible for the error, slow response and apology... or is your information it worth nothing more than a quick cash-in that you literally hope got exposed? Complaining simultaneously in both directions is a bit absurd.
Comment has been collapsed.
And here I was thinking they were gonna apologize for the sale when I saw the threads title. :D
Comment has been collapsed.
Valve says to us jump from bridge and we... do it :)
Comment has been collapsed.
Valve has finally apologized for last week’s Steam Christmas disaster, explaining in a lengthy statement today that the issues stemmed from a Denial of Service attack and wound up exposing the information of around 34,000 users.
http://store.steampowered.com/news/19852/
Do you have been afected?
Comment has been collapsed.