Valve hat sich erneut zum großen Sicherheitsleck von Steam im Dezember geäußert. Alle betroffenen Nutzer wurden per Mail über den Vorfall und den aktuellen Status informiert.
Wir erinnern uns an einen unangenehmen Vorfall auf Steam im vergangenen Dezember: Mitten während des laufenden Steam Holiday Sales sorgte ein Sicherheitsleck im Cache-Server dazu, dass den Nutzern die Daten anderer Nutzer angezeigt wurden.
Nachdem Valve den Vorfall untersucht hatte, gab man bereits die Entwarnung, dass keine sensiblen und zum Missbrauch zu verwendenden Daten gezeigt wurden. Nun hat man sich erneut zum Leck geäußert.
In einer E-Mail, die an alle betroffenen Nutzer versendet wurde, gab man eine erneute Entwarnung. Fälschliche Aktionen konnten nicht vorgenommen werden, so Valve in der Mitteilung.
Vollständige Original-Mitteilung von Valve
Dear Steam User,
As you may know, for a brief period on December 25th, a configuration error resulted in some Steam users seeing incorrectly cached Steam Store pages generated for other Steam users. If you are not familiar with the issue, an overview of what happened is available at http://store.steampowered.com/news/19852/ .
If you accessed the Steam Store between 11:50 PST and 13:20 PST on December 25th, your account could have been affected by this issue. If you did not use the Steam Store during that time, your account was not affected.
Between the times above, requested web pages displayed during your Steam Store checkout and while viewing account information may have been incorrectly displayed to another Steam user in your local area. These pages may have included billing information previously saved to complete future purchases including your full name, billing address, billing phone number, email address and purchase history. They may have also included the last two digits of a credit card number or a PayPal email address, if previously saved for future purchases and the last 4 digits of your phone number if one was associated with your account. They did not include full credit card numbers, Steam account passwords, or other information that would allow another user to complete a transaction with your billing information.
We are contacting you because an IP address previously used by your account to access Steam made a web page request as described above. Because IP addresses are commonly shared for home networks, mobile devices and by internet providers, we are unable to verify that your account was actually the one that made this request. For example one affected IP address was previously used by over 1,700 Steam accounts. Consequently we are notifying all users who have previously used this IP address.
This event did not make it possible to compromise your Steam account or make a fraudulent transaction from your account, but we want you to be aware of what information could have been seen by another Steam user.
We're sorry this happened and have taken steps to prevent this problem from occurring in the future.
If you used the store between 11:50 PST and 13:20 PST on December 25th and you have questions please email firstname.lastname@example.org.