A number of Steam accounts were hacked during a security lapse caused by a “bug”.
Over the past week, a number of Steam users had their Steam accounts temporarily stolen by hackers due to a security lapse, including a selection of prominent streamers and Dota 2 professional gamers.
The hacks were the result of a security lapse, which Valve attributes to a “bug” that has since been fixed.
But it wasn’t fixed in time to stop a number of users from having their accounts hijacked, with some denied access to their own accounts because they were being accessed from unfamiliar PCs, often on the other side of the world.
The scary thing is the hack was actually ridiculously simple to do. All the hackers needed was your account name, and then they could reset your password, choose a new one and get immediate access – without any kind of verification or email address needed.
You can see just how easy it was in fact via the video below.
It was a pretty terrible loophole for Valve, especially as it’s a service with a reputation for a strong security system.
Normally, security breaches on Steam are the result of external security failures, as with other gaming platforms like the PlayStation Network or Xbox Live.
A Valve spokesperson has released the following statement on Kotaku, explaining that the company learned of a “bug” on July 25 “that could have impacted the password reset process on a subset of Steam accounts.”
“The bug has now been fixed.”
“To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.”
“Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.”
“We apologize for any inconvenience.”