We may earn a commission if you click a deal and buy an item. This is how we make money.

Steam accounts hacked during security lapse “bug”

A number of Steam accounts were hacked during a security lapse caused by a “bug”.

Over the past week, a number of Steam users had their Steam accounts temporarily stolen by hackers due to a security lapse, including a selection of prominent streamers and Dota 2 professional gamers.

The hacks were the result of a security lapse, which Valve is saying is down to a “bug”, and has now since been fixed.

But wasn’t fixed in time for a number of users to see their accounts hijacked, with some users denied access to their accounts because they were being accessed from alien PCs, often on the other side of the world.

The scary thing is the hack was actually ridiculously simple to do. All the hackers needed was your account name, and then they could reset your password, choose a new one and get immediate access – without any kind of verification or email address needed.

You can see just how easy it was in fact via the video below.

Related: Best PC Games 2015
Steam Controller

It was a pretty terrible loophole for Valve, especially as it’s a service with a reputation for a strong security system.

Normally security breaches on Steam are a result of external security failures as with other gaming platforms like the PlayStation Network or Xbox Live.

A Valve spokesperson has released the following statement on Kotaku, explaining that the company learned of a “bug” on July 25 “that could have impacted the password reset process on a subset of Steam accounts.”

“The bug has now been fixed.”

“To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.”

Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.”

“We apologize for any inconvenience.”

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.