Per Eurogamer, Steam’s store is undergoing a serious problem at the moment. The store for the site has been pulled offline after a major security error exposed the personal information for thousands of users. Customers who logged into Steam on Christmas might have been greeted with account details for other users’ accounts and not their own. As a result of the breach, usernames and PayPal e-mail addresses, purchase histories and other various private information were all visible.
The good news is that no new purchases could be made despite the leak of the private information. Account details could also not be changed. However, the leaked information could still cause other services to be compromised.
Going by the report, some users were able to access personal information from dozens of other users. The breach caused accounts to be visibly shown at random whenever the pages were refreshed in the web browser. Even using Steam Guard and Mobile Authenticator reportedly did not stop users’ private information from showing up.
The information breach is suspected to be a type of caching error on Valve’s end. So it does not appear there was any malicious hacking attempt on Steam here. The caching error apparently ended up serving the wrong information to the incorrect users.
Valve and the Steam help desk have not yet weighed in on the issue.