Steam Accounts Compromised After Major Password Flaw
Valve issues public apology and resets passwords on a affected accounts
Valve has begun resetting numerous Steam passwords after some users found they could easily hijack another person’s account.
It appears that the security flaw was discovered at some stage in July, and became more prominently known as users passed around the knowledge. Valve has said it has now fixed the issue, and that it is “resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected.”
The ease in which users can hijack others’ Steam accounts had come as a surprise for some users. In the video below, one streamer shows that the process begins by clicking on the “forgot my login details” on the Steam client. After this, a “hacker” would need to enter their target’s Steam account name, after which the client responds with a message saying that a randomly generated code has been sent to the email address associated with the target’s account.
Valve assures us tat public loophole has been dealt with and states that “relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.
“Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.”
Bad rep for the company, for sure.