Skip to main content
  1. Home
  2. Computing
  3. Gaming
  4. News

Fixed Steam bug allowed users’ accounts to be hijacked simply by knowing the username

Add as a preferred source on Google

If you’re lucky, you might have noticed that some people had their Steam accounts temporarily hijacked over the weekend. If you’re not so lucky, your Steam account was among those hijacked.

Fortunately, the exploit has already been resolved, but by the time Valve fixed the bug at the heart of the problem, the damage had already been done. What makes this particular security issue different isn’t the severity of the problem, but the ease with which pretty much anyone could take over a Steam account once they knew of the exploit.

Recommended Videos

A YouTube user by the account name Elm Hoe illustrated the method in a video. It started by requesting a password reset on the targeted account. On the next screen the user is prompted to enter an authentication code in order to proceed with the reset. The exploit worked by simply not entering a code and skipping ahead.

At this point, the attacker was free to change the account password to one of their choosing, locking the actual owner of the account out in the process. Luckily, this exploit didn’t last for long: Valve learned of the exploit on July 25, and it seems that accounts had only been hijacked using this method starting July 21.

Once Valve learned of the bug it was quickly fixed, and any accounts that were suspect had their passwords reset. “Please note that while an account password was potentially modified during this period the password itself was not revealed,” the company said in a statement to Kotaku.

Valve was also quick to point out that any user accounts with Steam Guard enabled were protected from another person actually logging into their account, even if the account’s password was modified. It’s worth noting that this is yet another reason why you should have two-factor authentication enabled everywhere it is possible to do so.

For a look at how exactly the exploit was accomplished when it was still in the wild, see the video below.

Steam | How accounts are getting hacked. (FIXED)
Kris Wouk
Former Contributor
Kris Wouk is a tech writer, gadget reviewer, blogger, and whatever it's called when someone makes videos for the web. In his…
This free Mac app lets you lock individual apps with Face Unlock and Touch ID
Someone finally built the app locker every Mac user has been asking for.
FaceGate in action on Mac

If you have ever handed your Mac to a friend, family member, or coworker for "just a minute," you know the mild panic that follows. Sure, your Mac has a lock screen, but once someone is past it, they can open Messages, Photos, Notes, Mail, WhatsApp, and your browser.

iPhones had the same issue, but Apple solved it by adding an app lock feature with the iOS 18 update. Sadly, no such feature exists for macOS. That’s where the new FaceGate app for Mac can help you. It’s a free and open-source app that lets you lock apps on your Mac and even has some novel tricks up its sleeve. So, let’s talk about it, shall we?

Read more
The charm of a tiny Windows tablet is apparently at Microsoft. Long live the Surface Go!
Microsoft’s budget Surface era may be over
Microsoft Surface Go 3 stand.

Microsoft might be cleaning up its Surface lineup. According to Windows Central, Microsoft has stopped manufacturing the Surface Go and Surface Laptop Go lines, with no successors currently planned. Surface Go 4 and Surface Laptop Go 3 are reportedly out of stock in most places, and once remaining retail stock is gone, that may be it.

If this is true, then we are looking at the end of the brand's budget Surface PCs as Microsoft has plenty of premium Windows hardware.

Read more
Gemini Spark lands on the Mac, and it wants to tackle your chores while you relax
From messy downloads to date night reservations, Spark is here to lighten your load.
Gemini Spark mac app

Google has just announced a big batch of updates for Gemini Spark, making the assistant far more useful than before. Gemini Spark is finally coming to the Mac desktop app, bringing deeper app connections and a new way to keep tabs on what you care about. Let us break it down.

What can Spark do on your Mac now?

Read more