[SignMeTheHELLUp]

Can anyone confirm, was it possible for someone to view data of a specific, chosen account or were people just being logged into random accounts.

In other words, could an attacker exploit this bug to "dox" a specific target?

[renekooi]

It was random. According to SteamDB[1] it was a caching issue that ended up sending random pages to the wrong people.

Possible explanation from unknown source: https://www.reddit.com/r/Steam/comments/3y7le9/im_logged_in_...

[1]: https://twitter.com/SteamDB/status/680490823226671104

[SignMeTheHELLUp]

Thanks. Based on that information any privacy-conscious users should simply not use Steam or the Steam website until the bug is fixed. By not using Steam, their pages won't end up in cache and will not be leaked to others.

[ryanlol]

Yeah, but there's other bugs that do let you do that (pull peoples account info). I've found a plenty of exploitable vulnerabilities on steam but stopped reporting them after their support told me to go post "suggestions" on their forums instead.

[XMPPwocky]

Email security@valvesoftware.com; I've reported loads of things there (some serious, some pretty trivial), and they're actually very good about responding to things these days. Steam Support is totally useless, though.

[XMPPwocky]

Yes.

An attacker could send you a URL with a random query parameter, which would be ignored by Steam. But the response would be cached- with that query parameter. The attacker could then visit the URL themselves, and see private information.

An attacker could also grab CSRF tokens from the page, and perform certain actions on a victim's account.

[SignMeTheHELLUp]

Good point. The effectiveness of that kind of attack will come down to the user's wetware.