This is how easy it was to hack Steam

An exploit in Steam’s account recovery system made it possible for anyone to take over a Steam account for at least the past five days, Rock, Paper, Shotgun (RPS) reported.

The digital distribution service for video games was offline on 26 July while Valve, which owns Steam, worked on the issue.

RPS said that Valve has been silent about the vulnerability and the downtime, but added that the security hole appears to be fixed.

A Twitch streamer demonstrated the ease with which it was possible to exploit the vulnerability, showing that all a would-be account hijacker had to do was know your username.

There is no indication that changing passwords in this way allowed attackers to bypass Steam Guard, which requires that logins from unrecognised devices be authenticated with a one-time password sent to your e-mail address.

At least one report from a Steam user suggested that attackers may have been able to bypass Steam Guard without hacking an e-mail account.

However, there is some debate about whether the “hackers” were able to access their victim’s Steam account.

Users with Steam Guard active therefore may not have been vulnerable to the attack, except for being inconvenienced by their passwords being changed.

“Find my iPad” tracks down 5 robbers

This is how easy it is for criminals to steal your identity

Steam Controller confirmed for South Africa

Steam now gives refunds on games

Steam online video game store getting rand support?

Latest news

Partner Content

Show comments

Recommended

Share this article
This is how easy it was to hack Steam