Steam gamers are in control again after the hugely popular PC gaming software patched a security vulnerability that resulted in an unknown number of stolen account passwords over the past week. The security flaw, which Steam-maker Valve downplayed as a “bug,” temporarily enabled hackers to take control of a Steam user's entire account, and left many gamers locked out of their accounts entirely.
For the past week Steam users have complained that their accounts were being accessed and manipulated from other PCs. Elm Hoe, a Steam gamer known for his YouTube presence, help spread word of the breach on July 25 when he posted a video proving that if a hacker wanted to take control of someone's account, all he needed to know was their account name. Hackers would go to Steam's Lost Password page, enter the targeted account and simply click Continue when asked to enter their email verification. The whole process is laid out here:
A Valve spokesperson told the gaming site Kotaku the company only learned of what seems to be a major security flaw on July 25 (the same day El Hoe posted his video) and fixed the issue immediately.
“To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password,” the Steam statement said.
“Please note that while an account password was potentially modified during this period, the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.”