Steam is undisputedly regarded as one of the largest online platforms in the PC gaming market, with countless users investing hundreds or even thousands of dollars into their own accounts on a consistent basis. With such a vast network of users pumping an untold amount of time and money into it, you might think that such a platform would have rigorous security standards in place, right? Unfortunately, after recent events we have come to find that this has simply not been the case.
Reports concerning the details have remained vague, as Valve, the minds behind Steam, have yet to make an official statement regarding the issue, but what we have gathered is that there has undoubtedly been some form of breakdown in security due to a flaw in the “forgotten password” feature in Steam’s login interface. We have come to find that hijacking another user’s account can actually be done with little difficulty as long as one is in possession of that user’s account name. The “hacker” begins the quick process by clicking on “forgot my login details” in the Steam client. They then input the Steam username of their selected target into the appropriate field, at which point they are shown a message from Steam stating that a randomly generated code will be sent to the email on file for the target’s account.
Now traditionally, a user would have to enter this randomly generated code back into the Steam client in order to proceed. However, this is where things really start to become mind-boggling. If the hacker simply leaves the field blank and clicks continue, they are allowed to proceed through the page completely unhindered, without hitting any roadblocks or restraints of any sort. At this point all the hacker has to do is change the password to whatever they please, and they then have full access to another user’s account. A cakewalk at a carnival would probably have proven more difficult than pulling this one off. The entire process is detailed in the video below:
Valve has since corrected the error and closed the loophole, but not before numerous users were affected by the breach. Valve has reportedly issued a 5-day “ban” on any accounts that may have been compromised due to suspicious activity during the time in question. A real concern comes from users who consistently trade on the Steam Market and are worried that they might lose their valuable items. This leads us to believe that trading may be one of the chief reasons for the five-day ban, as it will provide Valve with a brief window to sift through the mess before items are illegally traded off.
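The page does not say what caused the blank-code bypass on the server side. The block below is an added example, not Valve's code: `verify_naive` is a constructed sketch of one way a blank submission can slip through, and `verify` is a fail-closed check beside it. The class, its method names, the code lifetime and the attempt limit are all assumptions.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 15 * 60  # assumed lifetime of a recovery code
MAX_ATTEMPTS = 5            # assumed number of guesses allowed per issued code


class ResetStore:
    """In-memory stand-in for the server-side table of pending resets."""

    def __init__(self):
        self._pending = {}  # account name -> [code, expiry, attempts_left]

    def issue(self, account, now=None):
        now = time.time() if now is None else now
        code = secrets.token_hex(4).upper()  # 8 hex characters
        self._pending[account] = [code, now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # in production this is e-mailed, never sent to the client

    def verify_naive(self, account, submitted):
        """Constructed 'before': the comparison only runs when input is present."""
        entry = self._pending.get(account)
        if entry is None:
            return False
        if submitted and submitted != entry[0]:
            return False
        return True  # a blank field falls through to success

    def verify(self, account, submitted, now=None):
        """Fail closed: only an exact, unexpired, unused code succeeds."""
        now = time.time() if now is None else now
        entry = self._pending.get(account)
        if entry is None or not isinstance(submitted, str):
            return False
        code, expiry, attempts_left = entry
        if now > expiry or attempts_left <= 0:
            del self._pending[account]  # expired or guessed too often
            return False
        entry[2] = attempts_left - 1    # every submission costs an attempt
        candidate = submitted.strip().upper()
        if not candidate:               # blank input is a failure, not a skip
            return False
        if not hmac.compare_digest(candidate.encode(), code.encode()):
            return False
        del self._pending[account]      # single use
        return True
```

The password-change step should also re-check server-side that `verify` succeeded for that account, rather than trusting that the client reached the next page.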
Valve’s silence and lack of comment regarding the entire issue is concerning to say the least, and it goes without saying that Steam users are far from happy with the situation. We definitely expect to see further developments regarding the breach as public knowledge begins to spread in the days to come. In the meantime, users are encouraged to keep an eye on their email accounts and avoid discarding any messages relating to password recovery that might look out of place. Take the appropriate actions and verify that your account is still accessible if you detect any suspicious activity.