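Over Christmas last year, players on the PC gaming platform Steam found the service down for several hours. According to details Valve published afterwards, the platform was under a denial-of-service attack and a partner made an error while deploying new caching rules. As a result, roughly 34,000 users who were shopping during that period were affected and inadvertently saw other people's Steam account information (including wrongly served email addresses, account addresses and the trailing digits of credit card numbers, none of which was enough for a user to complete a purchase). Valve has already apologized publicly for the incident, but its apology to the individual affected users appears to have come rather late: only today, months later, have some affected users received Valve's apology email about the accidental disclosure.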
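According to The Verge, affected users have finally received an apology email from Valve. The letter states the exact time of the incident as December 25, 2015, 11:50 to 13:20 Pacific Time; users who accessed the Steam Store during that window may have been affected. Valve also sets out some further details in the letter and assures users that the partial account information that was exposed cannot be used to complete any transaction or to establish a person's real identity, and was only viewed inadvertently by other Steam users. Valve closes with a sincere apology to them. It also hopes they will adopt more secure verification steps to ensure that incidents of this kind do not happen again.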
Text of the letter:
Dear Steam User,
As you may know, for a brief period on December 25th, a configuration error resulted in some Steam users seeing incorrectly cached Steam Store pages generated for other Steam users. If you are not familiar with the issue, an overview of what happened is available at https://store.steampowered.com/news/19852/ .
If you accessed the Steam Store between 11:50 PST and 13:20 PST on December 25th, your account could have been affected by this issue. If you did not use the Steam Store during that time, your account was not affected.
Between the times above, a requested web page displayed during your Steam Store checkout process may have been incorrectly displayed to another Steam user in your local area. This page may have included billing information previously saved to complete future purchases including your full name, billing address and billing phone number. It may have also included the last two digits of a credit card number or a PayPal email address, if previously saved for future purchases. It did not include full credit card numbers, Steam account passwords, or other information that would allow another user to complete a transaction with your billing information.
We are contacting you because an IP address previously used by your account to access Steam made a web page request as described above. Because IP addresses are commonly shared for home networks, mobile devices and by internet providers, we are unable to verify that your account was actually the one that made this request. For example one affected IP address was previously used by over 1,700 Steam accounts. Consequently we are notifying all users who have previously used this IP address.
This event did not make it possible to compromise your Steam account or make a fraudulent transaction from your account, but we want you to be aware of what information could have been seen by another Steam user.
We're sorry this happened and have taken steps to prevent this problem from occurring in the future.
If you used the store between 11:50 PST and 13:20 PST on December 25th and you have questions please email cachingissue@steampowered.com.
- Valve