The Steam website was completely broken for several hours today. Attempting to load any page on the site would give you another user’s version of that page including any personal details. This was also happening in the desktop client. Users on several sites produced screenshots that included blacked-out versions of pages that had other users’ details such as their billing address and Steam usernames. For example, I was able to load other people’s shopping cart just by visiting the regular cart page. Unlike many other services, the login username on Steam is to be kept secret.
As of this writing, hours later, logging in to Steam via the website just takes you to a logged-out version of the Steam page. The SteamDB site (not affiliated with Valve or Steam) has written up a note about the outage and security leak with some assumptions about how it happened. I agree with their suggestion to not store credit card details with Steam, or any online vendor as Sony proved a few years ago when their online storefront was hacked.