13 Jan Valve Comes Clean With Customer Information Exposure
Unless you’re a PC gamer, you might not even know what Steam is. It’s an online platform owned by Valve, Corporation for purchasing, downloading, and playing computer games. No need to go to your local tech shop, or the nearest Game Stop to buy a physical copy, you can just grab a digital copy on Steam. Anything you purchase is placed in the cloud, and you can download, install, and play at your leisure.
Steam commonly faces DoS (Denial of Service) attacks, and is generally quite adept at handling them. On Christmas day, however, the hackers got the better of them. A pair of extended attacks had the unusual side effect of messing up the site’s caching system. The result? When some users of the service logged in, they were greeted with account information and details belonging to other users.
In all, some 34,000 user accounts were impacted, making this a rather small-scale breach, when compared to others like the 109 million people who recently saw their voter registration information compromised. Small or not, however, it’s worth mentioning here, for a couple of different reasons.
First, it underscores that no company or organization, regardless of the business they’re in, is safe from these kinds of attacks or the trouble they can cause. So far we’ve seen major breaches at big box retailers, insurance companies, banks, toy companies where the data of children was targeted, political organizations, hotels and yes, gaming companies. Whoever you are, and whatever business you’re in, you’re not immune. It’s just that simple.
The second point it raises is one of the inherent weaknesses of cloud-based systems. As a result of the attack, Steam was forced to shut its site down until they could correct the issue. That left all of Steam’s customers unable to access the service and their games until the crisis had passed and the site was back up.
The cloud is a wonder, and its value to business is without question. Having said that, it’s also clear that there are certain challenges and potential problems with an over reliance on any single technology, as this latest attack demonstrates. This should definitely not dissuade any business owner from embracing cloud technologies, but it should encourage them to do so with eyes wide open, and a plan in place, should the worst happen. You can read the Valve’s official company statement about the Steam exposure here.