Then they can create a new password for their account.
Advertisement
RPS said that Valve has been silent about the vulnerability and the downtime, but added that the security hole appears to be fixed.
So it was open for attack and anyone could break into a Steam account and change the password without needing access to the recovery email address. Still quite the foul up and a reminder that single misplaced lines of code can shutdown the majority of our game collections. It triggered as it should, though now those players that were effected can’t trade anything for another four days, even after getting their accounts back. If he left the “enter the code” field empty, he could click through to the “new password” page.
The bug is now fixed. Steam Guard is a precaution that emails you when your account is accessed from an unknown device.
A Valve spokesperson has released the following statement on Kotaku, explaining that the company learned of a “bug” on July 25 “that could have impacted the password reset process on a subset of Steam accounts”.
The email continues, “To protect users, we are resetting passwords on accounts that changed passwords during that period using the account recovery wizard”.
The exploit has since been resolved and Steam has forced password resets on accounts showing suspicious activity.
“Please note that while your password was potentially modified during this period the password itself was not revealed”.
Valve also says users with Steam Guard enabled did not have their accounts hijacked.
Advertisement
“We apologize for any inconvenience“. Valve’s security is usually top-notch, but this weekend, that changed. The total Steam revenue in 2014 reached an estimated $1.5 billion.
