"In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic," Valve writes. "During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users."
The bug was live from 11:50AM PST to 1:20PM PST and affected only users browsing the Steam Store at that time. If you didn't access your own private information on Steam during this window, you're fine. Valve is working to identify users whose information may have been compromised and promises to contact them.