Steam Store victims can expect an email from Valve.
Valve has apologized for a winter Steam Sale breach—more than two months after 34,000 users had personal information exposed to other shoppers.
The target of a Christmas Day denial of service attack, the online shop was overwhelmed by 2,000 percent more traffic than usual.
In an effort to counter the assault, a Valve partner deployed new caching rules, one of which incorrectly cached Web traffic for authenticated users, allowing some people to access details generated for others.
As a result, those browsing the online shop between 2:50 and 4:20 p.m.
ET that day may have stumbled upon billing addresses, purchase histories, email addresses, and partial Steam Guard phone numbers and credit cards.
Folks were not, however, privy to full financial details, user passwords, or enough data to log in or complete a transaction as another user.
Following a temporary shutdown of the Steam Store site, Valve worked with its Web caching partner to identify those whose information was accidentally served to others.
Before the New Year, the company said it would contact affected parties once they were identified.
Now, contact has finally been made.
“We’re sorry this happened and have taken steps to prevent this problem from occurring in the future,” Valve wrote in an email to customers, published by The Verge. Valve did not immediately respond to PCMag’s request for comment.
The message mostly reiterates a December update on the breach, with an explanation that “we want you to be aware of what information could have been seen by another Steam user.”
If you used the online store during the breach, and are still unsure about the safety of your personal details, email firstname.lastname@example.org.