Valve Steam bug enables accounts to be hacked

A serious bug in Valve’s Steam engine has allowed cybercriminals to steal user credentials over the past week, according to reports.

Kotaku reports that although the fallout makes it sound like a complex issue, the bug appears to be pretty basic – a video in the Kotaku post shows that from the “lost password” section of Steam support all an attacker needed was your account name, and from there they could reset your password, choose a new one and get access to your account, with no verification or email address needed.

Valve fixed the issue after it was brought to light, but many users have complained that their accounts had been hacked in the interim.

Valve issued a statement, according to TrustedReviews, saying: “To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.

“Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorised logins even if the password was modified. We apologise for any inconvenience.”

Steam is regularly targeted by hackers due to its considerable popularity. As we reported recently, attackers have resorted to hiding malware on fake game pages to compromise gamers.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s