Fixed Steam bug allowed users’ accounts to be hijacked simply by knowing the username

If you’re lucky, you might have noticed that some people had their Steam accounts temporarily hijacked over the weekend. If you’re not so lucky, your Steam account was among those hijacked.

Fortunately, the exploit has already been resolved, but by the time Valve fixed the bug at the heart of the problem, the damage had already been done. What makes this particular security issue different isn’t the severity of the problem, but the ease with which pretty much anyone could take over a Steam account once they knew of the exploit.

A YouTube user by the account name Elm Hoe illustrated the method in a video. It started by requesting a password reset on the targeted account. On the next screen the user is prompted to enter an authentication code in order to proceed with the reset. The exploit worked by simply not entering a code and skipping ahead.

At this point, the attacker was free to change the account password to one of their choosing, locking the actual owner of the account out in the process. Luckily, this exploit didn’t last for long: Valve learned of the exploit on July 25, and it seems that accounts had only been hijacked using this method starting July 21.
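The class of flaw described above, a reset step that treats a blank code as verified, sketched next to a strict server-side check. This is an added example, not Valve's code: the article does not describe the actual implementation, and every name here, the 15-minute code lifetime and the five-attempt limit are assumptions.

```python
import hmac
import secrets
import time

RESET_TTL_SECONDS = 900   # assumed lifetime of a reset code
MAX_ATTEMPTS = 5          # assumed guess limit per reset request


class ResetRequest:
    """Server-side record of one pending password reset (hypothetical model)."""

    def __init__(self, username, now=None):
        self.username = username
        self.code = secrets.token_hex(4).upper()  # sent to the owner out of band
        self.expires_at = (now if now is not None else time.time()) + RESET_TTL_SECONDS
        self.attempts = 0
        self.used = False


def verify_fail_open(req, submitted):
    """Flawed pattern: validation only runs when a code is present."""
    if submitted and submitted != req.code:
        return False
    return True  # an empty or missing code falls through as "verified"


def verify_strict(req, submitted, now=None):
    """Hardened check: anything but the exact, live, unused code is rejected."""
    now = time.time() if now is None else now
    if req.used or now >= req.expires_at or req.attempts >= MAX_ATTEMPTS:
        return False
    req.attempts += 1
    if not isinstance(submitted, str) or not submitted:
        return False
    if not hmac.compare_digest(submitted.encode(), req.code.encode()):
        return False
    req.used = True  # single use: the same code cannot authorise a second reset
    return True


def set_password(req, submitted, new_password, store, verify):
    """The password-change step re-checks the code itself instead of trusting
    that the client passed through the code-entry screen."""
    if not verify(req, submitted):
        return False
    store[req.username] = new_password  # a real system stores a password hash
    return True
```

The point of `set_password` taking the code again is that the final state change is gated on the server, so skipping a screen in the client cannot skip the check.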

Once Valve learned of the bug, it was quickly fixed, and any accounts that were suspect had their passwords reset. “Please note that while an account password was potentially modified during this period the password itself was not revealed,” the company said in a statement to Kotaku.

Valve was also quick to point out that any user accounts with Steam Guard enabled were protected from another person actually logging into their account, even if the account’s password was modified. It’s worth noting that this is yet another reason why you should have two-factor authentication enabled everywhere it is possible to do so.

For a look at how exactly the exploit was accomplished when it was still in the wild, see the video below.

