Steam, the number one online platform in the PC gaming market, has suffered a serious security breach leading to an unknown number of accounts being compromised and the Steam community being temporarily shut offline due to a glaring security hole in Valve’s security.
Valve, the gaming corporation behind the widely popular Steam client has patched the bug that led to the account compromise, but not before countless users began complaining about loosing access to their accounts.
The loophole found in Valve’s security wasn’t all that complex, a video on YouTube demonstrates that when using the “lost password” feature on Steam support, all a hacker needed was your account name, and from there they could reset your password, steal your account and do all of this with no email verification necessary.
A video posted to YouTube demonstrates how Steam accounts were being hacked:
Steam’s flaw was severe and led to many prominent Steam members and Twitch streamers loosing access to their account. Often times, account hijackings will stem from outside security issues, such as phishing among other complex methods.
Valve has since confirmed the security flaw, labeling it as a “bug” on July 25th “that could have impacted the password reset process on a subset of Steam accounts during the period July 21-July 25. The bug has now been fixed.”
Following the Steam hack, Valve released the following statement to affected users:
To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.
Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.
We apologize for any inconvenience.
Valve has successfully patched the loophole and has begun taking action against accounts affected in the breach. To combat stolen accounts from being abused, Steam has begun to impose a 5-day ban on affected accounts, but its not clear if account holders will suffer any additional consequences.
Some fear they may loose their account to the company’s “VAC ban” policy, Valve’s anti-cheating system which is notorious for supplying permanent bans and never having them reverted.
As information on the Steam hack comes forward, we will keep you updated.