If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Valve has squashed the Steam bug that let you steal any account

Steam users were highjacking each other's accounts all weekend, but Valve has put a stop to it.

delicious_steam

We didn't want to report on this while it was happening because it was so, so easy to do, but a frankly embarrassing bug was found in Steam's security this weekend.

You know how Steam sends codes to your registered email address to make sure that you're really you when you try to change your password? Well, it turns out that system had a pretty glaring hole in it: if you entered no code and hit continue, you could proceed as if you'd entered the correct code.

As you'll see in the video below, it was ridiculously easy to do, allowing the unscrupulous to lock people out of their own accounts.

Now, Valve actually has some really great system in place to prevent highjackers getting any actual use out of situations like this; things like trading are automatically restricted after a password change, and Steam Guard will prevent users accessing the account from their own machines, if you've opted into that, which you should (hopefully Steam Guard codes weren't affected by the same problem).

Still, it was pretty bad - but thankfully it's all over now. In a statement supplied to Kotaku, Valve said the problem was caused by a bug, which has now been definitely squashed. Affected users will have to ensure another password reset, but that should be the only fallout.

"Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorised logins even if the password was modified," Valve added.

Cover image for YouTube video

Sign in and unlock a world of features

Get access to commenting, homepage personalisation, newsletters, and more!

Related topics
About the Author
Brenna Hillier avatar

Brenna Hillier

Contributor

Based in Australia and having come from a lengthy career in the Aussie games media, Brenna worked as VG247's remote Deputy Editor for several years, covering news and events from the other side of the planet to the rest of the team. After leaving VG247, Brenna retired from games media and crossed over to development, working as a writer on several video games.

Comments