1. #1

    Valve/Steam Loophole Breach -- Possibility of Account Password Changed



    Multiple Steam accounts have been hijacked over the last week, thanks to a bug.

    The Steam Store and website were briefly unavailable this morning, but it is unclear whether this is related to any security issues.

    Last week, a security "loophole" allowed anyone in the world to access your account using the Lost Password function on Steam, as long as they had your username. From there they could change your password and gain access to your account with no verification needed.

    The security issue has now been fixed, however the bug could have been impacting the Steam service all of last week from July 21-25. Valve told Kotaku that it is "resetting passwords on accounts with suspicious password changes during that period."
    So make sure to check ur account for any password reset requests.
    Last edited by Lucetia; 2015-07-27 at 11:11 PM.
    Check me out....Im └(-.-)┘┌(-.-)┘┌(-.-)┐└(-.-)┐ Dancing, Im └(-.-)┘┌(-.-)┘┌(-.-)┐└(-.-)┐ Dancing.
    My Gaming PC: MSI Trident 3 - i7-10700F - RTX 4060 8GB - 32GB DDR4 - 1TB M.2SSD

  2. #2
    Sounds funny.
    This one loophole is driving steam users CRAZY! Click to see how!
    Owner of ONEAzerothTV
    Tanking, Blood DK Mythic+ Pugging, Soloing and WoW Challenges alongside other discussions about all things in World of Warcraft
    ONEAzerothTV

  3. #3
    Fluffy Kitten Remilia's Avatar
    10+ Year Old Account
    Join Date
    Apr 2011
    Location
    Avatar: Momoco
    Posts
    15,160
    Reminds me of the steam forum thing. It's not a database crack which is a good thing but still sucks for those affected.

  4. #4
    Is abusing a loophole considered a hack? Regardless, checking my account now.

  5. #5
    They will incredibly disappointed with my account.

    Much like if someone mugged me.

  6. #6
    Fluffy Kitten Remilia's Avatar
    10+ Year Old Account
    Join Date
    Apr 2011
    Location
    Avatar: Momoco
    Posts
    15,160
    Quote Originally Posted by kail View Post
    Is abusing a loophole considered a hack? Regardless, checking my account now.
    Technically all cracks are abusing a loophole. It's just the severity of it.

  7. #7
    Dear Steam User,

    On July 25th we learned of a Steam bug that could have impacted the password reset process on your Steam account during the period July 21-July 25. The bug has now been fixed.

    To protect users, we are resetting passwords on accounts that changed passwords during that period using the account recovery wizard. You will receive an email with your new password. Once that email is received, it is recommended that you login to your account via the Steam client and set a new password.

    Please note that while your password was potentially modified during this period the password itself was not revealed. Also, if you had Steam Guard enabled, your account was protected from unauthorized logins even if your password was modified.

    We apologize for any inconvenience
    Mail from Valve. The only people that might be truly affected by this are people who turned off Steam Guard apparently, which kinda is a dumb thing to do anyway.

    Also, title of the thread is wrong, as Steam wasn't hacked at all.

  8. #8
    Quote Originally Posted by Remilia View Post
    Technically all cracks are abusing a loophole. It's just the severity of it.
    They didn't really "hack" steam though. They had a loophole that let them get access to accounts via the pw recovery system. They still needed to obtain your UN via social engineering. They weren't in the valve servers, don't have access to a list of UNs and PWs or credit card information.

  9. #9
    Also to clear things up you don't need to change your password since they never had access to it anyway.

    and yay for steam guard.

  10. #10
    Quote Originally Posted by Black Pearl View Post
    Mail from Valve. The only people that might be truly affected by this are people who turned off Steam Guard apparently, which kinda is a dumb thing to do anyway.

    Also, title of the thread is wrong, as Steam wasn't hacked at all.
    Honestly, if you're not using free secondary security features like Steam Guard then you're kinda being foolish. It's hardly any kind of imposition and it's a huge extra layer of security.

    There's literally no reason to not be using features like Steam Guard if you want to keep your account(s) secure.

  11. #11
    Quote Originally Posted by Black Pearl View Post
    Mail from Valve. The only people that might be truly affected by this are people who turned off Steam Guard apparently, which kinda is a dumb thing to do anyway.

    Also, title of the thread is wrong, as Steam wasn't hacked at all.
    Yeah, not sure why someone would remove Steamguard. I mean, sure it's annoying sometimes, but still.

    Also, changed the title to fit the situation a bit more.

    Quote Originally Posted by Edge- View Post
    Honestly, if you're not using free secondary security features like Steam Guard then you're kinda being foolish. It's hardly any kind of imposition and it's a huge extra layer of security.

    There's literally no reason to not be using features like Steam Guard if you want to keep your account(s) secure.
    Agreed. Plus if you use their extra protection services and still get hacked or something. They are more likely to give you either a speedier response or help you out in that situation as it becomes more of a fault of their protection services. I know some companies if you don't use their free protection they'll tell you in the terms they aren't going to help you if you do have an issue.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •