A midday denial-of-service attack on Steam, Christmas day, likely exposed the personal information of 34,000 users via store page requests made between 11:52 a.m. and 13:20 p.m. PST.

Some pages included a Steam user's billing address, the last four digits of their Steam Guard phone number, the last two digits of their credit card number, and/or their email address.”

Steam assured its users that the cached pages did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.”

Users who did not browse a Steam Store page with personal data during that time period shouldn't worry that their information had been exposed. Its partner, Valve, are trying to identify the users affected and will contact them accordingly. No unauthorized activity has been spotted.

Source: SCMagazine