Just a heads up, steam is beyond fucked right now, the store launches in different languages and its logging you into other peoples accounts where you can see random peoples credit card and personal info.... I logged out after realizing this and cant even log back in. No official response from valve on what the hell is going on yet but this is going to be very bad.

Yikes, I'm glad I use PayPal and don't save my info on Steam.

Yep. I can see other peoples info and wallet amount. Apparently it's possible to buy games using other peoples steam wallet.

This is beyond fucked up.

If you look at your account details in the Steam client, it isn't you anymore. In fact for me it's a different person everytime I access it and I can see their entire purchase history and account details

And it's not just me, the issue appears to be incredibly widespread

http://www.neogaf.com/forum/showthread.php?t=1162196

https://www.reddit.com/r/Steam/comments/3y7le9/im_logged_in_as_someone_random_on_steam/

Beyond the exposure of personal detail like CC info and emails to random strangers, Since Steam recently introduced the ability to permanently remove games from your library this is extremely frightening problem

This looks to be a massive hack. I hope nobody has their CC info stored on steam

There doesn't appear to be much you can do to protect yourself atm, just watch your credit cards.

This looks to be the big one :(

Valve seems screwed. I wonder how they will respond to this, restore the servers to an earlier period? I don't know how they can fix this.

MERRY CHRISTMAS

They need to just shut it down till they get this fixed, its down to luck right now that some dickhead doesn't get your info.

Oh boy, can't wait to go home and see if any damage has been done.

holy crap what is going on, is this like a hack? or some kind of server corruption?

Worst Christmas ever for anyone who works at Steam tech support.

It's most likely some bad server setting got put into production. Chances are some bad caching problem where it's caching random people's pages and serving those.

Just stay off of Steam for now.

I was trying to login from my laptop and getting the Korean page. I've had localization errors from Steam before, so I figured it was just a fluke. Here's to hoping sending four login requests didn't up my chances of exposure.

EDIT: @moab said:

I did that a long time ago for PSN and XBL. I really shouldn't have excepted Steam, and as soon as this debacle is over I'm going to fix that mistake.

I have 2 factor turned on with a specific mobile device set as the key generator, is that going to prevent this shit from happening to me? So much for valve being the stalwarts of online gaming. This shit can affect any company, no matter what you think.

Well then, good thing I never save my credit card info on Steam. This is all kinds of messed up.

Every time I hit "View Account Details" I was seeing someone else's account information. Steam is fuuucked at the moment.

Dave, steams fucked.

@rongalaxy: Hoping so as I have the same. Guess we will have to wait and see.

From the Steam section of Reddit:

It's a problem with their caching-server (varnish), caching pages that should not be cached (such as Account-Details, Cart, etc.). It invalidates after some time and is re-cached when the next user visits the page with their profile. You are not actually logged in (as in, you take over the session of the user), you just see pages rendered for others than yourself. This is why different parts of steam appear as different users.

Which page you see is probably dependent on the edge node (first server you connect to) closest to you, hence why different users see different profiles.

My guess to how this could've happened is that an untested configuration got activated when steam went down earlier, e.g. due to an auto-conf service (puppet, chef) pulling an untested config or some of their live servers being replaced by staging / development servers. It's also possible that they were under heavy load and the engineer on duty reconfigured all their edge nodes to cache more aggressively.

Let's hope they fix this fast, because this is a major data leak. I can see private E-Mail and account names. Let's hope their cache server is not delivering internal pages.

Credit to: /u/mrallon

It seems bad in regards to potential access to user info such as personal e-mail addresses, funds, country, etc... but so far no one has reported seeing actual credit card info, just speculation that one potentially could. Purchasing does not seem to work right now.

It also may only be showing users who are logged in, so log out. Otherwise, people should come out of this relatively okay.

It's probably best not to do anything right now. Even the Steam mobile app is affected.

The worst thing I can see happen here is people seeing your e-mail address and partial phone/cc number info if you have them saved to your account.

Only took Brad Muir a few weeks to take Steam down.

I was darkapostle89! Who were you?

This is bad. I always used to think Steam was rock solid when it came to this stuff.

Is it really the best bet to log out for now orrrr is it mostly just speculation? I just want to get in, nuke my CC and Paypal and get out but noooooooothing is loading.

@zolroyce : If you try to login you will just get someone else's info, you can't access your own. At least that is what happened to me. Edit: So then I just logged out and am going to wait it all out.

@zolroyce: It's actually better to not do anything through the site. If you have paypal linked to it you can unlink it from the paypal site.

Shit, I was clicking around on Steam trying to figure out what the hell was happening and then logged out after I saw this bit about it.

Edit: And it looks like steam completely pulled the plug now.

Important addendum that @slag brought up:

@officer_falcon: @rockyboyussr: Okay, thanks for the advice duders, I'll just log out and not touch anything besides Paypal. Though I think luckily I don't have it linked together, pretty sure I just sign in every time.
Fingers crossed nothing happens to my (or any of you all) CC's.

@mlarrabee:

People are free to help themselves to my nonexistent paypal account, credit card info i never save on there because i know better as well as all of the 7 pennies i have in my wallet.

But give Valve a chance, they're new at this!

@sanity: Totally unrelated, but I love TPBs!

@viking_funeral: Important clarification

Its times like this that remind me how dangerous it is to have so many games on steam =( the dangerous digital future has arrived. I had steam guard! They said i'd be safe!

Can I still play games though?

Seems steam is back up and the store is down... was able to log in and see my friends list.

@slag: Good catch.

Apparently playing games online might be okay. It could also prevent anybody else from logging into your account through the desktop client.

I really hope my information wasn't compromised, luckily I don't save my CC info on my account.

I have already received 2 e-mails on the account linked to Steam.

1:

Hi,

I don't know if you knew about Steam being hacked or whatever it was, but I got logged into your account at one point and saw you had a lot of money in there. Please let me know if nothing got stolen! I feel so bad for everyone that has steam money in their wallet, I am afraid people might steal it :( I don't know if it was possible to buy anything, I hope it isn't! I got logged out of yours again so i can't keep track of it anymore sorry.
I hope everything is well!

Kind regards,
Fran

2: (From a throwaway Guerrillamail account.)

your money is safe now

thank you

:|

@hassun: holy shit. I really hope that someone is just fucking with you. If not I'm sure valve would refund anything that came out of yr wallet today, right?

As it's a caching error it seems that people never had control of your account at all, they just had access to some of your account info. Credit card numbers etc should be safe as they're not visible, but email accounts were visible so PayPal is probably the biggest weakness right now.

Heard a rumor from my brother that they might refund all purchases made within a certain time frame. Don't take that as gospel but if it is true anyone who had their accounts compromised might have a ray of hope.

This whole situation is beyond fucked.

Edit: If someone had bought a game on my account with my CC info it would have emailed me right. I don't think I got hit but... I'm paranoid.

Man. How did he get Half-Life 3? I want to believe

Ugh. What a fucking mess. I hope Valve sets things right for customers who have been affected after they fix this shit.

@alwaysbebombing: It would be nuts if it was literally that... HL 3 came out and totally fuckered the Steam servers. But that could very easily be a clever photoshop.

Wow. I don't think anything of mine was compromised, but now I'm paranoid. Staying off Steam for a while until these problems are fixed.

@planetfunksquad: Yeah I'm confident that if money does disappear, Valve will refund it.

(I know, I was replying to a message that has since been deleted so the joke was ruined)

Let's see if all the faith I put in Google and Valve pay off an everything turns out fine (for me). Anyways, I was able to see two other people's account info, but was most shocked by the fact that people still use hotmail accounts.