What sets this apart from other DoS / DDoS attacks which usually just knock a website offline is that it actually caused privacy leaks. It looks like this was likely not a direct intentional result of the attack but a result of a poorly configured mitigation technique:
In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic. During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users. Incorrect Store responses varied from users seeing the front page of the Store displayed in the wrong language, to seeing the account page of another user.