Tuesday, 28 July 2015

Serious Leak Was Hijacking Steam Accounts Child

A serious vulnerability in the popular gaming service Steam ensured that users' accounts this weekend could be hijacked by childishly simple way. The only thing that an attacker would need to gain access to an account was user of the user name.

The vulnerability was in the password reset function. When changing a password, please send Valve, the developer of Steam, a code to the email address of the user. This code must be entered before the password can be changed. However, a bug meant that this code was not necessary. An attacker who did not fill in the code could just click Continue, and then reset the password and gain access to the account, such as this video shows.


Valve late in a response to gaming website Kotaku know that it was a "bug" and the problem was discovered on July 25.Meanwhile, the bug would be fixed. To protect users of all of the accounts with "suspicious password changes" the password will be reset. Users in this case will receive an email with a new password. In addition, Valve states that accounts using Steam Guard, the two-factor authentication of the gaming service, attackers could also log if it was changed password.

Steam has 125 million users worldwide. Through the platform, users can buy all sorts of games and digital objects. Some research argue that sold 75% of all PC games through Steam. Steam Accounts with many games or digital goods are also a favorite target. How many users it has been hijacked account is unknown, but on Reddit let readers know that several known players, the victim became.

No comments:

Post a Comment