1. #1

    Valve/Steam Loophole Breach -- Possibility of Account Password Changed



    Multiple Steam accounts have been hijacked over the last week, thanks to a bug.

    The Steam Store and website were briefly unavailable this morning, but it is unclear whether this is related to any security issues.

    Last week, a security "loophole" allowed anyone in the world to access your account using the Lost Password function on Steam, as long as they had your username. From there they could change your password and gain access to your account with no verification needed.

    The security issue has now been fixed, however the bug could have been impacting the Steam service all of last week from July 21-25. Valve told Kotaku that it is "resetting passwords on accounts with suspicious password changes during that period."
    So make sure to check ur account for any password reset requests.
    Last edited by Lucetia; 2015-07-27 at 11:11 PM.
    My Gaming PC: Intel Core i5-4690K|Be quiet! PURE ROCK 87.|MSI Z97 PC MATE ATX LGA1150|G.Skill Ripjaws Series 8GB (2 x 4GB) DDR3-1600 Memory|1TB Western Digital Caviar Blue|Gigabyte GeForce GTX 970 4GB WINDFORCE 3X Video Card|Rosewill RISE ATX Full Tower Case| SeaSonic S12II 620W 80+ Bronze Certified ATX Power Supply|Samsung SH-224DB/BEBE DVD-CD Writer
    My Twitch Stream Playing Games All The Time: http://www.twitch.tv/jtbrig7390

  2. #2
    Pandaren Monk NoobistTV-Metro's Avatar
    Join Date
    Nov 2014
    Location
    No where.
    Posts
    1,863
    Sounds funny.
    This one loophole is driving steam users CRAZY! Click to see how!
    Media Manager at NoobistTV - A network that focuses on growing our Partners over everything else.
    Learn more at http://noobist.tv/partnership/

  3. #3
    Moderator Remilia's Avatar
    Join Date
    Apr 2011
    Location
    Avatar:Tsunako
    Posts
    10,209
    Reminds me of the steam forum thing. It's not a database crack which is a good thing but still sucks for those affected.

  4. #4
    Is abusing a loophole considered a hack? Regardless, checking my account now.

  5. #5
    Mechagnome
    Join Date
    Aug 2014
    Location
    Seaside, FL
    Posts
    646
    They will incredibly disappointed with my account.

    Much like if someone mugged me.
    "I guess what they say is true, when a bunch of idiots agree with each other, it makes it fact." - Saint Eliseus on evolution

    "The talk was about "comedy", not "jokes"." - Pull My Finger

  6. #6
    Moderator Remilia's Avatar
    Join Date
    Apr 2011
    Location
    Avatar:Tsunako
    Posts
    10,209
    Quote Originally Posted by kail View Post
    Is abusing a loophole considered a hack? Regardless, checking my account now.
    Technically all cracks are abusing a loophole. It's just the severity of it.

  7. #7
    Immortal Black Pearl's Avatar
    Join Date
    Sep 2010
    Location
    The beach
    Posts
    7,179
    Dear Steam User,

    On July 25th we learned of a Steam bug that could have impacted the password reset process on your Steam account during the period July 21-July 25. The bug has now been fixed.

    To protect users, we are resetting passwords on accounts that changed passwords during that period using the account recovery wizard. You will receive an email with your new password. Once that email is received, it is recommended that you login to your account via the Steam client and set a new password.

    Please note that while your password was potentially modified during this period the password itself was not revealed. Also, if you had Steam Guard enabled, your account was protected from unauthorized logins even if your password was modified.

    We apologize for any inconvenience
    Mail from Valve. The only people that might be truly affected by this are people who turned off Steam Guard apparently, which kinda is a dumb thing to do anyway.

    Also, title of the thread is wrong, as Steam wasn't hacked at all.

  8. #8
    Quote Originally Posted by Remilia View Post
    Technically all cracks are abusing a loophole. It's just the severity of it.
    They didn't really "hack" steam though. They had a loophole that let them get access to accounts via the pw recovery system. They still needed to obtain your UN via social engineering. They weren't in the valve servers, don't have access to a list of UNs and PWs or credit card information.

  9. #9
    Also to clear things up you don't need to change your password since they never had access to it anyway.

    and yay for steam guard.

  10. #10
    Quote Originally Posted by Black Pearl View Post
    Mail from Valve. The only people that might be truly affected by this are people who turned off Steam Guard apparently, which kinda is a dumb thing to do anyway.

    Also, title of the thread is wrong, as Steam wasn't hacked at all.
    Honestly, if you're not using free secondary security features like Steam Guard then you're kinda being foolish. It's hardly any kind of imposition and it's a huge extra layer of security.

    There's literally no reason to not be using features like Steam Guard if you want to keep your account(s) secure.

  11. #11
    Quote Originally Posted by Black Pearl View Post
    Mail from Valve. The only people that might be truly affected by this are people who turned off Steam Guard apparently, which kinda is a dumb thing to do anyway.

    Also, title of the thread is wrong, as Steam wasn't hacked at all.
    Yeah, not sure why someone would remove Steamguard. I mean, sure it's annoying sometimes, but still.

    Also, changed the title to fit the situation a bit more.

    Quote Originally Posted by Edge- View Post
    Honestly, if you're not using free secondary security features like Steam Guard then you're kinda being foolish. It's hardly any kind of imposition and it's a huge extra layer of security.

    There's literally no reason to not be using features like Steam Guard if you want to keep your account(s) secure.
    Agreed. Plus if you use their extra protection services and still get hacked or something. They are more likely to give you either a speedier response or help you out in that situation as it becomes more of a fault of their protection services. I know some companies if you don't use their free protection they'll tell you in the terms they aren't going to help you if you do have an issue.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •