Steam is not having a good Christmas.  While the client seems fine, the web site is throwing up random users when you visit.  Going from one page to another has Steam think you're a different user each time, and reports are consistent that this includes access to payment information.  While I was unable (and honestly, unwilling) to confirm that personally, I can say Steam gave me different friends lists several times.  At this point, if you've got a Steam account, you should probably consider your card info compromised and get ready to give your bank/whoever a call tomorrow to get it changed.  We'll be posting more details on this as they become available.

-UPDATE-  The payment info being shown is the last two digits, which isn't generally considered enough to be of much use.  E-mail addresses and phone numbers were wide open, though, which can be plenty of info to work with.  At the time of this update Steam is, thankfully, completely inaccessible, but this went on for a couple hours earlier today.  For right now it's best to not try to access the web site or have the client open.  While the cause of the issue is a caching issue rather than a hack, the result is still compromised user information and it's going to be a bit before the full consequences of this are known.