Did you know that Steam was hacked? From the 25th of July, there were reports from people on NeoGAF, Reddit, and Twitch TV that Steam accounts had been hacked.
Streamers such as Summit1G, Phant0ml0rd, Goldglove and JoshOG reported a loss of access to their Steam accounts.
In a previous instance, one Reddit user named ryugarulz had reported lost items from his Steam account on the 21st of July, when a user logged into the account.
Typically, an email requesting verification for a new login is sent through to a user. Such an email was never sent through to ryugarulz.
Further hints to issues with Steam occurred during the 26th of July, when the Steam Community was down. Of course, there were many claims that the situation was under control.
However, one NeoGAF user Lucifon reported otherwise, on the 26th of July as well, that Steam was experiencing a huge attack. But this all remains heresy.
Lucifon alleges that he received multiple password resets and Steam Guard, which is Steam’s security service, requests. All of these requests came from a device within the Russian Federation, when Lucifon in actuality resides in the United Kingdom.
Lucifon then made certain to check his email security had not been compromised, to find that there had been no login attempts from the Russian Federation. This means that both Steam and Steam Guard were compromised without email access.
But how were such hacks possible, this video below shows exactly how easily people were able to exploit Steam’s security measures, and gain access to users’ Steam accounts.
Prospective ‘hackers’ simply went to the Steam support page, filled in the username they wished to gain access to. They then clicked the email recovery code option.
Following this, they were taken to the recovery code page and simply could click continue without filling in a recovery code, and finally were able to reset the unsuspecting Steam user’s password. How simple is that? Far too; no wonder accounts were being hacked.
There have been many claims that this major security issue has been resolved. Yet as of the writing of this article, we cannot gain access to the Steam store page ourselves and consistently receive an error message.
We’re hoping that Valve has crashed Steam themselves as a measure in halting the madness. We have heard that Valve has put a band on all trading and community market sales as a means to defend hacked accounts.
That should mean that whatever you own is safe for now.
Sadly, Valve has not come out with an official statement to address what’s happening. Optimistically though, perhaps Valve is still working on this password issue and actively trying to prevent further hacks, by fixing other security issues which we have no knowledge of.
The reality of internet-based distribution services like Steam, Xbox Live and PSN are that they are susceptible to hacks and cyber attacks.
Eventually, Steam would be comprised, but the ease at which hackers had access to Steam users’ accounts is slightly unsettling.
Hopefully, Valve will make sure Steam is further secured and no more security loopholes like the one above can be exploited.
Source: Dual Pixels, NeoGAF, Reddit
More On Valve & Steam
Valve’s virtual reality headset with HTC is epic
Hatred’s funniest Steam User Reviews
Steam’s controller unveiled: finally a controller for PC gamers
Loading ...
Nerd stuff