| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to security breaches and attacks on the Steam gaming platform has happened again within the same organization. The article mentions that Steam has been coping with frequent and varied attacks, with user data being posted online by malicious hackers. These attacks include phishing attempts, in-game spam, scam titles hitting the Steam Store, and malware disguised as game hacks [26616].
(b) The software failure incident related to security breaches and attacks on the Steam gaming platform has also happened at multiple organizations. The article highlights that Steam account data has been seen floating around on the black market, indicating that attacks on user data are not limited to just one organization. Additionally, the article mentions that attackers are constantly trying to bypass Steam Guard, a form of two-step authentication for verified Steam accounts, which suggests that similar security challenges may be faced by other organizations as well [26616]. |
| Phase (Design/Operation) |
design, operation |
(a) The article mentions a software failure incident related to the design phase where developers of the Early Access game FPS Earth: Year 2066 faced criticism for its poor quality, with claims that it was a scam [26616]. This indicates a failure due to contributing factors introduced during the system development phase.
(b) The article also discusses a software failure incident related to the operation phase where developers of the popular Steam title Garry’s Mod noted an exploit affecting titles based on Valve’s Source 3D video game engine, leading to spam messages being sent both in-game and in Steam chat [26616]. This incident points to a failure due to contributing factors introduced by the operation or misuse of the system. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident reported in the articles is primarily due to contributing factors that originate from within the system. The incident involves various attacks on the Steam gaming platform, such as in-game spam, scam titles, malware disguised as game hacks, survey scams, and phishing attempts within the Steam community tools [26616]. Additionally, there are vulnerabilities within the Steam Guard two-step authentication system that attackers are trying to bypass, indicating internal weaknesses in the system [26616]. The exploitation attempts against the platform and the creation of sites asking gamers to upload their SSFN file to bypass Steam Guard also point to issues originating from within the system [26616]. Furthermore, the concerns over Valve's Early Access model allowing poor quality games and potential scams to flood the marketplace highlight internal control and quality assurance challenges within the platform [26616]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
The article reports on frequent and varied attacks on the Steam gaming platform by malicious hackers, with user data being posted online. These attacks are facilitated by botnets, which are networks of infected PCs controlled by hackers, siphoning off login credentials from infected machines [26616].
(b) The software failure incident occurring due to human actions:
The article mentions instances where gamers have been caught out by malware disguised as game hacks and survey scams, or have paid hackers to acquire achievements for them. Additionally, phishing attempts have been a problem on Steam, with scammers trying to trick users into giving over credentials. There are also concerns about Valve's Early Access model allowing for the quick upload of games to Steam, potentially leading to scam titles flooding the marketplace [26616]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident occurring due to hardware:
- The article mentions that hackers have been creating sites asking gamers to upload their SSFN file, which is created when Steam Guard approves a device. This file is checked when logging in, and getting hold of it allows scammers to bypass Steam Guard entirely, indicating a vulnerability in the hardware authentication process [26616].
(b) The software failure incident occurring due to software:
- The article highlights various software-related failures such as in-game spam, scam titles hitting the Steam Store, malware disguised as game hacks, survey scams, phishing attempts, and exploits against the platform. Additionally, there was an exploit affecting titles based on Valve's Source 3D video game engine, allowing the sending of files with any extension to a user's PC or a game server [26616]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident reported in the articles is malicious in nature. The incident involves malicious hackers targeting the Steam gaming platform, with user data being posted online by hackers [26616]. The attackers are using botnets to harvest Steam credentials and sell them on the black market [26616]. Additionally, there are mentions of in-game spam, scam titles, malware disguised as game hacks, phishing attempts, and exploitation attempts against the platform [26616]. These actions indicate a deliberate intent to harm the system and its users. |
| Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
(a) The software failure incident related to poor decisions can be seen in the article where it mentions Valve's Early Access model allowing for quick and easy upload of games to Steam. One specific game, FPS Earth: Year 2066, was removed from the market due to poor quality and claims of being a scam. This incident highlights the consequences of poor decisions made by developers in promoting and publishing games on the platform [26616].
(b) The software failure incident related to accidental decisions can be observed in the article discussing the exploit affecting titles based on Valve's Source 3D video game engine, such as Garry's Mod. This exploit allowed for the sending of files with any extension to a user's PC or a game server, resulting in spam messages being sent in-game and in Steam chat. This unintended consequence of the exploit showcases how accidental decisions or vulnerabilities can lead to software failures [26616]. |
| Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The article mentions a specific incident related to the Early Access model on Steam where a game called FPS Earth: Year 2066 was removed from the market due to poor quality and claims of being a scam. This incident reflects a failure possibly due to development incompetence, as the game was criticized for its quality issues despite being available on the platform [26616].
(b) The article also discusses an exploit affecting games based on Valve's Source 3D video game engine, such as Garry's Mod, which allowed attackers to send files with any extension to users' PCs or game servers, resulting in spam messages being sent in-game and in Steam chat. This incident could be categorized as an accidental failure, as it was likely not intentionally designed by the developers but rather exploited by malicious actors [26616]. |
| Duration |
permanent |
(a) The software failure incident described in the article is more of a permanent nature. The article discusses how the Steam gaming platform has been coping with frequent and varied attacks by malicious hackers, with user data being posted online and sold on the black market [26616]. These attacks have been ongoing and persistent, indicating a continuous and permanent issue with security vulnerabilities on the platform. Additionally, the article mentions various tactics used by hackers to exploit Steam accounts, such as phishing, malware disguised as game hacks, and attempts to bypass Steam Guard authentication [26616]. These factors contribute to a long-standing and persistent software failure incident rather than a temporary one. |
| Behaviour |
value, other |
(a) crash: The incident involving the popular Steam title Garry’s Mod noted an exploit affecting titles based on Valve’s Source 3D video game engine, which made it possible to send files with any extension to a user’s PC or a game server, resulting in a variety of spam messages being sent both in-game and in Steam chat [26616].
(b) omission: The article mentions that gamers have been faced with myriad attacks, including in-game spam and scam titles hitting the Steam Store. Additionally, phishing attempts have become a problem on Steam, with scammers trying to trick people into giving over credentials [26616].
(c) timing: There is no specific mention of a failure related to timing in the provided article.
(d) value: The incident highlights the issue of Steam account data being stolen and sold on the black market, indicating a failure related to the system performing its intended functions incorrectly [26616].
(e) byzantine: The article does not provide information about the system behaving erroneously with inconsistent responses and interactions.
(f) other: The article mentions concerns about Valve’s Early Access model allowing for quick and easy upload of games to Steam, with one game being removed from the market due to poor quality amidst claims of being a scam. This could be considered a failure related to the system behaving in a way not described in the other options, potentially related to quality control or oversight [26616]. |