Steam’s Winter Sale wasn’t just home to some great deals, it also resulted in the service being offline for awhile. Reason being, there was a security flaw that exposed the personal information of its users. Since then we’ve heard precious little from the company. There was a much delayed statement citing this as a ‘caching issue’ and this was followed up by a post on Valve’s site detailing the outage and breach of personal information along with an apology.
At the time, Valve also said it would let those impacted know what happened via email. And it appears that it has finally been sent. Almost three months later. And it doesn’t say anything we don’t already know except Valve can’t exactly tell which users were impacted.
“We are contacting you because an IP address previously used by your account to access Steam made a web page request as described above,” the email reads. “Because IP addresses are commonly shared for home networks, mobile devices and by Internet providers, we are unable to verify that your account was actually the one that made this request. For example one affected IP address was previously used by over 1,700 Steam accounts. Consequently we are notifying all users who have previously used this IP address.”
Valve reiterated that the “event did not make it possible to compromise your Steam account or make a fraudulent transaction from your account, but we want you to be aware of what information could have been seen by another Steam user.”
The email ends with Valve apologising for the error and has taken precautions to ensure it does not happen again.
You’d think that in the wake of a major lapse in security and an equally poor response, Valve would have learned a thing or two. But if the company’s poor handling of the $3 million Dota 2 Shanghai Major is any indication, this evidently is not the case.