So uh, look up from your Christmas dinner for a second, because Steam is having a major security meltdown at the moment.
It’s the middle of Steam’s big winter sale, which means a huge number of people are browsing, buying, and playing games right now on the platform. Some of them, however, seem to have tripped into a major security hole. A variety of users on Twitter, NeoGAF, and Reddit have noted that they can see other users’ account information – including addresses and credit card data – instead of their own details.
From what I can gather online, users would occasionally be logged into not just their own accounts, but also those of others, including being able to see their information. The general consensus seems to be that you couldn’t actually abuse said credit card information (you only have the last two digits and you still need the security code to actually buy stuff), but people who use PayPal to pay on Steam might not be safe.
Steam’s store has been completely shut down, but you can still play online. Major security problem here, and it seems to be related to caching, although there’s no official word on that.
See? This is what I get for buying an Apple Watch. I upset the balance.