Some Steam accounts were stolen during the period from July 21 to July 25 due to a security flaw in the service's password reset procedure, Kotaku reports. The hole, which Valve learned of on July 25, allowed an attacker to reset a Steam account's password without a security code using only the account's name. Valve claims it has since closed the security hole.
This YouTube video shows how the attack worked. This user then Tweeted that because of his video, his own account got hijacked. Whoops.
In a statement to Kotaku, a Valve spokesperson says that the company has reset passwords on affected accounts and contacted affected users. "Relevant users will receive an email with a new password," the statement reads. "Once that email is received, it is recommended that users login to their account via the Steam client and set a new password."
Valve also says users with Steam Guard enabled did not have their accounts hijacked. Steam Guard requires owners of protected accounts to enter a security code to log in from a new browser or PC. That service apparently worked as intended.
|Aerocool's Project 7 P7-C1 Pro case reviewed||6|
|Google Project Tango is dead—long live ARCore||3|
|Thermaltake Sync box bridges RGB LED walled gardens||3|
|Intel tips off potential 960 GB and 1.5 TB Optane SSD 900Ps||5|
|Sapphire Nitro+ Radeon RX Vegas put a big chill on spicy-hot chips||13|
|Antec P110 Silent touts quiet looks and quiet operation||10|
|Updated LG Gram laptops put heavy-duty power into feathery bodies||14|
|Monkey Day Shortbread||10|
|Thursday deals: a nice Z370 mobo, a huge VA display, and more||6|
|My first born son will be named fenghuang. I will raise him in the way of zen. Thus it is written, thus it shall be done.||+24|