Advertisement

Valve slays Steam bug that allowed any account to be stolen

by Eric Frederiksen | July 28, 2015

Someone discovered a dangerous Steam exploit over the weekend that has since been repaired. When you want to reset your password, Steam sends a code to your email that you then punch in to verify that you should, in fact, be resetting it. While the bug was active, you could just click past that box without filling anything out. Uh-oh.

Valve has some other safeguards in place in case that happens, though, too. Trading is automatically restricted after a password change, and Steam Guard codes were unaffected by the bug, so if you’ve enabled this feature on your account this was only a minor problem, as the ne’er–do–well never saw your password or email address at any point during the process.

Valve released the following statement once the bug was fixed:

To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.

Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorised logins even if the password was modified.

We apologise for any inconvenience.

Hopefully this didn’t affect any users in a massive way before it was fixed.


Advertisement


Eric Frederiksen

Eric Frederiksen has been a gamer since someone made the mistake of letting him play their Nintendo many years ago, pushing him to beg for his own,...Eric Frederiksen has been a gamer since someone made the mistake of letting him play their Nintendo many years ago, pushing him to beg for his own,...


Advertisement