Steam Accounts Compromised After Password Reset Exploit Found

Valve has begun resetting numerous Steam passwords after some users found they could easily hijack another person’s account.

It appears that the security flaw was discovered at some stage in July, and became more prominently known as users passed around the knowledge. Valve has said it has now fixed the issue, and that it is “resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected.”

The ease in which users can hijack others’ Steam accounts had come as a surprise for some users. In the video below, one streamer shows that the process begins by clicking on the “forgot my login details” on the Steam client. After this, a “hacker” would need to enter their target’s Steam account name, after which the client responds with a message saying that a randomly generated code has been sent to the email address associated with the target’s account.

Normally the user would need to copy the random code sent via email and paste it into the Steam client. However, if players type in no code at all and click continue, they will still be allowed to proceed. Then they can create a new password for their account.

Valve has since assured that those affected will be looked after. It also has said the loophole has been closed.

“To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected,”

“Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.”

“Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.”

Were a few statements released by Valve to help ensure those might be affected by this exploit accounts are being handled properly. If for any reason you feel like your account has been compromised by this exploit, make sure to change your password as soon as possible to be as safe as possible.

Video of the day

Madden 16 Gameplay!