During the night (UK Time), Steam had a bit of a technological fuckup.
Basically, they were showing pages to different people than they were intended for, so it would look like someone else was logged in. By going to this other user’s account page, you’d be able to see account data. This includes: email address, last four phone number digits, last 2 credit card digits, and if you have Steam Guard mobile installed.
It wasn’t possible to actually do anything with this other user, you couldn’t change stuff or buy games. Valve has released a statement:
Steam is back up and running without any known issues. As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.
Honestly, the real point here is Valve’s lack of communication. They kept the servers up for over an hour before shutting them down, and didn’t post anything on their two social media accounts, and of course there are the crippling support issues. Valve is a major company, raking in huge amounts of money, yet it’s run like a lemonade stand.
Luckily, it’s not possible to steal someone’s money with the information leaked, but that doesn’t make the problem any better.