A security flaw in Steam let anyone change your password

July 27, 2015 7:01 pm0 commentsViews: 2

Steam Support


Share This article

Did you experience any unexpected activity on your Steam account last week? Well, it seems that there was a major security flaw in Valve’s password reset feature that allowed anyone to reset your password — even without access to your email. The accounts of numerous popular streamers were compromised for a short period, and Valve is left looking incredibly foolish.

If you forget your Steam password, Valve normally sends you a one-time-use code over email that you can use to reset your password. However, it was discovered last week that Steam wasn’t actually checking to verify that your code was valid. If you simply refrained from entering anything during the authentication step, the client would still allow you to reset the password.

This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.

ExtremeTech » Video Game News & Rumors On Upcoming Releases | ExtremeTech

Tags:

Leave a Reply