Seeing Other People's Steam Accounts: The Christmas Caching Catastrophe

I may or may not have panicked and angrily emailed a German man demanding my account back. sorry German dude.

"You can't sell someone a game they already own"
EA: hold my business model

Loved how you started and ended with "Chinney Reckon". Thank you for explaining this whole debacle.

3:02
That was the moment I realized that the word "server" comes from "serve"....

Hey Tom! Thanks for the video explaining the issue. I was actually one of the guys at the MCR Creator day, great panel!

I guess you could call this problem..........................
A cache 22

People claiming that "someone" bought a load of shitty games on their accounts aren't necessarily lying, the might be just stupid. I had the brilliant Idea of adding some shitty games to someone else's wishlist and as I saw today, they endet up on mine. So if somebody tried to screw a random user by buying al lot of games for them, they might just have bought them for themselves and with their own money. Some might call this karma...

"There's no point in trying to sell someone a game they already own"
*Todd Howard chuckles in the distance*

steam is always trying to sell me games I already own

“It’s Christmas, and I’m home with my family”
How very 2015 of you

Hey Tom, no chance you'd see this, but do you play video games, or does coding just take up your day?

Well, I have to admit: the second thing I thought of when learning of this Steam bug - right after "oh God does that mean that everybody can see my - oh wait no I'm not logged in, let's not log in" - was "I wonder if Tom Scott's gonna make a video about this".
Love your stuff, as always!

All the claims that people had stuff bought on their accounts are complete BS. As you said, the pages were just returning errors if you tried to change anything and credit card numbers were not leaked in full, just the last two digits. It was a pretty massive screw up, but thankfully it wasn't nearly as bad as it could have been.

seeing a snapshot of the steam homepage in late 2015 was an absolute treat thank you tom

Gotta love the "yes I already asked Nerd3"
edit: oh look, 1200 likes after 4 years for some reason

6:38 It's sad that one of the requirements has to be "not a terrible human being"...

3kiksphillip! It looks like you two would get on together perfectly

This video was great. Everything explained so neatly and tying the end to the beginning was absolutely lovely. I'm gonna just have to marathon all your videos now.

I think the only thing missing was the phrase "idempotent". Requests that are eligible for caching are generally ones that are idempotent; that is, the data you get back generally won't change regardless of what state you're currently in. Overall, good video, and Happy Holidays.

I love how these videos on the one hand make me feel like a total idiot (I don't know anything about computers or the internet), but on the other hand manages to make me understand what is going on after a while.

I love watching these videos. Even today, they're very useful. I'm a programmer myself, and watching these videos are great ways to make sure I don't make the same silly and devastating mistakes. I've made a few of these dumb mistakes before, and this channel (and others like it) are very entertaining and educational too.
Personally, I use caches for static data. My websites are nearly always dynamically loaded. So if I was running steam, the basic boilerplate website would be sent to your browser (cached), and your browser would start running some JavaScript. This JavaScript would start loading in all the dynamic content. So, it might call the server asking for the top 100 games, and this data would be cached since top 100 won't change often. If it asked for recommended games, this data would be cached, but cached for that user only. By having all my pages split into static and dynamic content, I can cache a lot of the website. Like the page to buy a game, I can cache nearly all of the website, the image, the description, the price, all that. I just won't cache the portion that says if the game is purchased or not.

I'm surprised that Steam only had 10K games in 2015 and has 30K games now. I thought it was in the millions.

I really like this channel, I really appreciate the way you go about everything with out the screaming, shouting, swearing, hating, I just really appreciate that.

"yes I already asked nerdcubed he's busy" still makes me smile to see that.

I have no idea who are you are Tom, and I'm not big into your subject matter above gaming quiet a bit myself but you have the nicest delivery of any human being I have ever seen. Listening to you is like liquid velvet for my ears. Merry Belated Christmas and Happy New Year! Much love from Southampton

Probably the best and simplest explanation of a computer/server issue I have ever heard. Kudos.

Not a terrible human being in or near London? That's a tall order friend, a tall order!
I'm just kidding, I loved the time I spent working in London :P

How does such a young man, have such a wise and mature voice? I'm 25 and still sound like a kid.

So... I know of a TH-camr that matches the requirements (not sure about where he lives though; his accent sounds British, anyway), but I don't personally know him...
His channel is called A+Start, I hope I'm not completely wrong about him being British.

Love that you not only explain it but make a well written explanation not just a thrown together one

6:18 might be worth mentioning that the cached data includes a csrf token which is used to authorize the post request. Without it, any website can tell steam that you want to buy a game using your cookie and thus it was possible until they invalidated the sessionids that someone could have bought games with your account.

Just when you forget about the start of the video, he brings it back at the end. Great video.

There was a time where any user could ask for a password change with the secret questions, even a wrong answer would let you ask for a password change. (thought the video would be about that :D)

I love that you specified "Not a terrible human being" at the end there.

Try Lewis Brindley from the Yogscast, he or someone else there might be what you're looking for. They have a business email on their website :)

Thumbs up for working so hard and getting a video up even during the holiday weekend.

i see ferreros in the background
lucky bastard

Paul aka "Squirrel" meets all of these requirements and has an IT background. Love your vids, keep it up.

Goddamn this guys voice is so soothing.

Thanks TotalBiscuit for signal boosting this great, succint and understandable explanation that is very useful for less computer savvy people!

Disney+ managed to go one better. A nice big breach that meant that someone else logs into your account, changes the names of your family members, and starts adding their favourite content to your lists.

Great video, fantastic explanation. I really appreciate the effort you put in to these videos Tom. Have a great new year.

I remember this. I was so confused , because I wanted to add some money to buy something and each time I clicked my vallet someone elses name showed up and their money. I never got to buy whatever it was I wanted that day :(

Chinny Reckon!!!! Brilliant Tom. Had forgotten all about that. Have a great Christmas!!

What about Dad³? ... Oh "*smart* and *not sweary/shouty*" well I guess I answered my own question :)
Serious answers though:
TotalBiscuit (EDIT: Didn't know he moved)
TheMightyJingles
Hat Films (EDIT: Yes they can be "sweary")
EDIT:
FrankieonPC (Not sure where he lives, and he won't show his face)
2kliksphilip/3kliksphilip (Again not sure where he lives)

The two youtubers/streamers I personally really like are The Mighty Jingles and Quickybaby. I do not know their excact living area except that it is in Britian. Nor do I know their shedule. However they do qualify for the rest of the criteria. They are very famous within the World of Tanks community to the extent of being guest commentators for the World of Tanks Grand Finals in Poland. They are gentleman. And some of the most decent poeple I know. The biggest example is the charity event quickybaby organized which raised over 22 thousend pounds. Jingles also helped with this. I think they are amazing, but that is just a personal opinion.
Next to that thanks for taaking the extra time of on christmas for this video

Does anyone know if Tom ended up making that vid with a streamer?

4 years ago. Time flies even when you aren't having fun.

"It is Christmas, I'm home with my family."
Not this year.

I'd like to recommend TotalBiscuit. He's a very intelligent game journalist who would probably be ideal for anything you are planning. Big fan for a long time, keep up the funny and informative videos! Really enjoy the Citation Needed series too!

What about Enter Elysium, I think he lives near london and is pretty cool.

a TH-camr that fits that description is surely ashens. he's brill, and I lovely bloke.

"I already asked nerdcubed, he's busy." I'm laughing so hard

Always at least "good" videos. Most times they are great.
2 videos in 1, thanks for the heads up about Steam.
Bonus on the Chiny Wonder part (I think that's what you said, I have a cold I'm getting over). Here in the U.S., back in the 80s, we used Sike. That's how most spelled it. Sometimes I saw it spelled (years later in books) as Psych, or Syke. Which, you can understand where it came from. As in, "Are you trying to mess with my mind and psych me out?" We just said "sike". Usually, drawn out, with an elongated "si" & a very hard "k".

ok youtube, you dont have to show me this video again. it was 5 years ago, ok?

You're quick!
My steam store page was in Russian yesterday, but I didn't think much of it. Interesting stuff...

This is why you use Steam Gift Cards.

Probably worth mentioning that everyone trying to check their account details to see if they were safe... we're ensuring that their account details page got cached too, hence people being able to see full names, addressed, and the last 2-4 digits of their card numbers. Whoops.

TotalBiscuit, The Cynical Brit - 2M+ Subscribers
Good Guy with a subjective, thoughtful approach to game reviews and lets plays.

I watch this every year now, its a minor tradition.

+3kliksphilip ?
For the collaboration

The Mighty Jingles matches all of the requirements you set for a TH-camr. He does lots of fun stuff! :)

So, my Steam account was not online during this shitstorm, would that mean my info is pretty much safe? I changed my password (via the steam client), so I know it is secure in that regard.

Lathland! He lives in Manchester, which is.. almost London. He is a bit more of a technical gamer, most certainly not a terrible human being and his accent is to die for. (seriously, that alone makes his videos worth-a-while).

this was three years and now in my recommended exactly three years later on Christmas 2018 good job yt🤦‍♂️

I learned a lot about how the internet works in this video. Thanks!

You asked Nerdcubed? BUT HE LIVES IN CANADA

I was waiting the whole time for this video.. :P

Hey Scott! Nice video, very well explained. I even understood over half the words!
I'm no bigshot TH-camr but I live in Essex (about an hour outside London) and I'm a gaming TH-camr/streamer. I believe I would match your criteria and would love to discuss maybe doing a collab with you! I hit you up on Twitter too,
Cheers mate, Merry Christmas.

NOOO! TOM AND NERDCUBED COULD'VE COLLABED BUT DIDN'T?! I'VE BEEN WAITING FOR THAT DAY FOR SO LONG!

Ha, glad I read the whole thing because Nerd Cubed would be the best person to go with in my opinion. It's unfortunate that he's busy.

3kliksphillip

Tom, this was my real Christmas gift this year l. surprise video from you. :)

I was thinking nerd 3 when reading the list 😂

Hi Tom! I know that you probably won't see this, but I love your videos and I want to say thank you for spending your time making them.

Have you asked +ThatMumboJumbo yet? :)

Good video. Have a merry Christmas and a happy New Year!

"You can't sell someone a game they already own"
EA: *Truth is... It was rigged from the start.*

You know it's a UK Christmas when you've got the ferrero rocher out

come on people of 2020, lets talk about google services this december

Wow, I would love a Tom Scott + Nerd³ video in the future! XD

I would suggest Josh (RageGamingVideos) as you have already asked Nerd³ :D

I totally remember chinny reckon. And Jackanory. I also wish I had enough of a following to be useful for your collaboration mentioned at the end. Great video - another sub gained.

Total biscuit! (aka cynical brit)

(5:35) Norwegian tax returns are public anyway. In Sweden, you can check someone's income, taxed amount. I'm not sure about tax return though, but that's at least a thing in Norway.

80% percent on aoe2 is a fantastic deal though..

I've never seen Jon from Many A True Nerd put his face on camera, but I think he fulfills all the other requirements. Might give him a shout.

I was going to say Nerd3, dammit.

ik keep upvoting this content, video after video. Can't help it. It's that good

I live in Christchurch and I game stream is that close enough? I have about 3 viewers Kappa

the description for the gamer throws out all the best youtube gamers though, in my opinion at least.

If your requirement wasn't "in or near london" I would have suggested Totalbiscuit (TotalHalibut on youtube). Maybe you can have him on a skype call :D
Another person that (as far as I know) actually lives in london is Sacriel (twitch.tv/sacriel and sacriel42 on youtube). He has a decent following and might be up for some collabs.

I like your Christmas costume! It goes just with the festive colours.

Hey nice! You said $2 as 2 Bucks! #AussiePride

I can imagine his parents saying "c'mon Thomas, put your toys away".

I guess you could call it a cachtophe
i will leave now

I was wondering why steam was in russian for me at certain points yesterday, thanks tom! :)

I'd try GradeAunderA

2:01 is that not why cluster servers where made? Even with that, a cookie still has to check (user side) if the user has similar page request loaded from the user side cache. Now as you say if the personal information was sent and didn't match Steam has a bigger issue then personal info being displayed they have a massive issue with how there with authentication service within the cache system works.

One take😳