Some Steam accounts were stolen during the period from July 21 to July 25 due to a security flaw in the service's password reset procedure, Kotaku reports. The hole, which Valve learned of on July 25, allowed an attacker to reset a Steam account's password without a security code using only the account's name. Valve claims it has since closed the security hole.
This YouTube video shows how the attack worked. This user then Tweeted that because of his video, his own account got hijacked. Whoops.
In a statement to Kotaku, a Valve spokesperson says that the company has reset passwords on affected accounts and contacted affected users. "Relevant users will receive an email with a new password," the statement reads. "Once that email is received, it is recommended that users login to their account via the Steam client and set a new password."
Valve also says users with Steam Guard enabled did not have their accounts hijacked. Steam Guard requires owners of protected accounts to enter a security code to log in from a new browser or PC. That service apparently worked as intended.
|1. BIF - $340||2. Ryu Connor - $250||3. mbutrovich - $250|
|4. YetAnotherGeek2 - $200||5. End User - $150||6. Captain Ned - $100|
|7. Anonymous Gerbil - $100||8. Bill Door - $100||9. ericfulmer - $100|
|10. dkanter - $100|
|Lenovo ThinkCentre and ThinkPad machines pack AMD PRO APUs||22|
|Seagate 5TB BarraCuda and 2TB FireCuda drives are big and speedy||17|
|Nvidia licenses Rambus' DPA tech for side-channel data leak prevention||17|
|iOS 10.1 update includes portrait mode beta for iPhone 7 Plus||6|
|Biostar belatedly announces GTX 1060 graphics cards||12|
|HyperX Alloy keyboard gets lean and mean for FPS gaming||11|
|AMD drops prices on the Radeon RX 460 and RX 470||54|
|Reports: Radeon RX 470D is a budget Polaris card for China||9|
|Examining reports of slow write speeds on the 32GB iPhone 7||33|
|Signing your posts is daftly redundant. Meadows||+27|