• knbrothers 11:35 am on July 27, 2015 Permalink

    Valve fixed a Steam exploit that allowed anyone to take over accounts

    Steam is a popular gaming platform that you use to buy and play games, use community features, or a plethora of other features such as a virtual item marketplace or a workshop to which third-party creators can upload items.

    Steam users sign in to the Steam client or website using a username and password combination, and if they have enabled Steam Guard, with a security code in the second step of authentication.

    Information about an exploit that allowed anyone to take over Steam accounts was published in the last couple of days to various popular Internet forums such as Reddit.

    A demonstration of the hack was also recorded and published to YouTube.

    In essence, Steam’s password reset functionality accepted blank confirmation codes.

    When you initiate a password reset on Steam, for instance because you have forgotten your password, you are asked to enter your username, linked email address or phone number to receive an email with instructions on how to reset it.

    This email contains a link and code that you need to enter in the second step of the process to verify your identity.

    Since blank codes were accepted, attackers needed only the username of a Steam user to take over the account. The username is displayed in the top right corner on Steam by default. Unless Steam users have taken care to hide it in the interface, it is revealed whenever screenshots are taken and published or when Steam is shown in video streams.

    Some users claimed that Steam Guard, the two-factor authentication feature of Steam, did not protect the account from being taken over, but that has not been officially confirmed yet.

    Valve has fixed the bug in the meantime but not before accounts of prominent Steam users, Twitch streamers for instance, were taken over by attackers.

    The company has improved Steam’s defenses against account hacks in the past years, for instance by limiting accounts so that digital items cannot be sold or traded away for several days after certain activities on Steam.

    Affected accounts seem to be in a lockdown state currently, which means that activities such as trading are not permitted on those accounts.

    So what should you do if you have been affected or want to know if that is the case? The first thing you may want to do is try to log in to your Steam account to see if you can still do so. If that works, all is well and you should not need to do anything else.

    If you cannot sign in, it is probably because you are affected by the hack. Try to reset the password on your end and contact Steam support to notify them about it.

    Now may also be a good time to enable Steam Guard, if you have not already, to turn on two-factor authentication for the account.

    Author

    Martin Brinkmann

    About Martin Brinkmann

    Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook, Twitter or Google+.


     