X
X


 

Seen any suspicious activity on your Steam account lately? You?re not the only one.

Over the weekend, a major security loophole was discovered in Steam Guard, part of Steam?s two-step verification process for logging into an account. Hackers could gain access to anyone?s Steam account simply by knowing the account?s username and exploiting the password recovery system?no actual passwords or email verification required.

Valve, creator of the Steam platform, has since fixed the bug, and to protect users have reset passwords on any accounts that had suspicious changes over the last week. Since the loophole involved bypassing the password system entirely, no passwords were leaked in the process.

Though no additional accounts can be exploited, the fallout from ones already hacked continues. Many people with prominent profiles, such as Twitch streamers, were the first to be affected, and had their accounts frozen in a five-day ban by Valve to prevent more damage from being done. The ban also affects Steam Market traders, who can have significant amounts of money invested in their accounts. Freezing things for a few days should allow Valve to sort out the mess of hacked vs. legitimate trades. Other users whose passwords were changed can expect to receive an email from Valve with a new password.

In a statement to Kotaku, Valve encourages users to activate Steam Guard to help increase security. Steam Guard protected users from unauthorized logins even if their accounts were compromised.

Read More

About Emma Schaefer

view all posts

Emma’s early gaming was mostly done in secret, as the only gamer in a family of normal people. She still retains skills from this dark period in her life, such as the ability to teleport instantly across the house away from the computer, and holds a gold medal in the Olympic sport of “Hide the Gameboy.” Sorry, Mom, now you know. Find her on Twitter @Emma4EGM

Accounts in five-day lockdown after Steam security breach

By Emma Schaefer | 07/28/2015 12:06 AM PT

News

Seen any suspicious activity on your Steam account lately? You?re not the only one.

Over the weekend, a major security loophole was discovered in Steam Guard, part of Steam?s two-step verification process for logging into an account. Hackers could gain access to anyone?s Steam account simply by knowing the account?s username and exploiting the password recovery system?no actual passwords or email verification required.

Valve, creator of the Steam platform, has since fixed the bug, and to protect users have reset passwords on any accounts that had suspicious changes over the last week. Since the loophole involved bypassing the password system entirely, no passwords were leaked in the process.

Though no additional accounts can be exploited, the fallout from ones already hacked continues. Many people with prominent profiles, such as Twitch streamers, were the first to be affected, and had their accounts frozen in a five-day ban by Valve to prevent more damage from being done. The ban also affects Steam Market traders, who can have significant amounts of money invested in their accounts. Freezing things for a few days should allow Valve to sort out the mess of hacked vs. legitimate trades. Other users whose passwords were changed can expect to receive an email from Valve with a new password.

In a statement to Kotaku, Valve encourages users to activate Steam Guard to help increase security. Steam Guard protected users from unauthorized logins even if their accounts were compromised.

Read More


About Emma Schaefer

view all posts

Emma’s early gaming was mostly done in secret, as the only gamer in a family of normal people. She still retains skills from this dark period in her life, such as the ability to teleport instantly across the house away from the computer, and holds a gold medal in the Olympic sport of “Hide the Gameboy.” Sorry, Mom, now you know. Find her on Twitter @Emma4EGM