Steam has announced that earlier today they finally fixed a bug that led to multiple accounts being hacked in the last week. According to Kotaku, the accounts of some prominent streamers and DOTA 2 professional gamers were hijacked during this time.
The bug, which is now fixed, was the result of a security “loophole” which allowed anybody anywhere to gain access to whatever account they wanted by using Steam’s Lost Password system. All they needed was the account’s username and then they could change the account’s password to whatever they wanted.
A Valve spokesperson told Kotaku that they learned of this bug on July 25th and “that [it] could have impacted the password reset process on a subset of Steam accounts during the period July 21-July 25. The bug has now been fixed.”
In a statement released on Kotaku, Valve said that:
To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected.
Gamers whose passwords were changed during this time will receive an e-mail from Valve with a new password, and they recommend that those who get this e-mail log into their accounts and create a new password. The statement also mentioned that while passwords were changed during this time, the original password was never revealed and that users with Steam Guard on were protected.
Here is the full statement that Kotaku released from Valve:
To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.
Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.
We apologize for any inconvenience.
So what’s your opinion on how Valve have been dealing with this problem and did you have trouble logging into your account last week? Let us know in the comments below.