Steam (Valve), who has had a number of data breaches over the years – including one that impacted 35 million users – seems to have had another breach. Arash Fekri reports:
Reports are still blurry and information keeps coming out – Valve themselves are yet to make an official statement on the issue – but according to a demonstration that was posted on YouTube, a hacker could abuse the “forgotten password” feature in Steam’s log-in service, completely bypassing the stage where they have to enter a security code, and being granted access to reset the password of the account.
All an attacker needs to carry out this exploit is the account name of a Steam user. It’s not yet clear if Steam Guard offers sufficient protection from the exploit, as there have been some reports from users claiming that their accounts have been compromised even with Steam Guard enabled.
Valve have closed the loophole already, but not before significant amounts of damage were done to many users.
Read more on Master Herald.