http://www.theverge.com/2015/12/25/10665814/valve-steam-holiday-sale-security-problems TL; DR: Steam is being hacked, if you buy anything or try to change your passwords or whatever, your account has a chance of getting hacked. So.. Simply log off steam for a while. So what to do in the meanwhile? Well.. Go to your steam profile, copy the steam profile url and paste it in here. https://steamdb.info/calculator/ And you can see how much monies you might lose this 1-day late christmas present from Valve and whoever decided to hack them. Cheers! Stay drunk and tuned.
This is probably not a hacker attack. Some say this is aftermath from the ddos attack that apparently occured earlier today. Problems with steam cache server. Steam confirmed its not a hacker attack here: http://steamcommunity.com/discussions/forum/0/458604254431478327 It seemed like every time some of the specific urls were loaded, you would suddenly become some specific user. So as far as I know, only things that could have been leaked are your email address, address, purchase history, phone number, your account balance or similar stuff. I personally dont think any of that is really abusable, atleast unless you would have a bit more informations about the user, or passwords or the whole creditcard info. But none of that should be visible or stored at cache server. Or it is encrypted. But you never know.
Store servers are down so there shouldnt really be any risk using steam now. It was only an issue on steam store website. So anyway, even if they were up and still fucked, you just have to not use the store. https://steamstat.us/ EDIT: btw, if the steam was ddosed earlier, it doesnt mean it was compromised. DDOS is just a poor attack to take servers down, not to gain access.
This is a nice post from reddit: And explanation on cache server problems: Nothing official though. EDIT: or another explanation:
Everything should now be fixed. Somewhat official: http://steamcommunity.com/discussions/forum/0/458604254431478327/
I tried to wishlist Mount Your Friends but my dude already had it. Bummer I tried to wishlist Sakura Spirit but it literally didn't work
You couldnt really do any changes if thats what you mean. You only had a cached "image" of their session, simply said.
Official from Valve: EDIT: Just to say, exposed people should be warned of social engineering attacks /scams. As this did make it easier and put targets on peoples back.
Just to say, it looks like there is still no other response on this from Valve. https://www.reddit.com/r/Steam/comments/3ykfwt/we_shouldnt_be_okay_with_the_fact_that_valve/ EDIT: -source: http://store.steampowered.com/news/19852/