It turns out Steam had a pretty major security issue that would allow players to add fake credits to their virtual wallet and essentially fill it with unlimited funds. Had being the operative word. Valve has since resolved the bug and awarded the security expert who found it a tidy $7500 (about £5400) for discovering the hole in its digital storefront.
The Daily Swig (via NME) reports that researcher "drbrix" documented the exploit on HackerOne. They explained they "found a vulnerability which allows attacker to generate steam wallet balance". The bug effectively gave players a method of intercepting payments made via Smart2Pay so that they could surreptitiously inflate them. At least, that's how it would work in theory; Valve has yet to confirm if any hackers were able to take advantage of the exploit before it was fixed.
Have you seen the new handheld Steam Deck in action yet? Check it out in all its glory below!
Valve's JonP swiftly responded to drbrix, confirming that the company had also been able to "validate this is happening pretty much as described", and were actively working to fix it. drbrix was then asked to attempt the exploit again after an initial fix, and was awarded $7500 for their insight.
Advert
"Thank you for this report," JonP said. "This was clearly written and helpful in identifying a real business risk. We have changed the severity assessment to Critical, reflecting the potential cost to the business, and applied a bounty accordingly. We hope to hear more from you in the future."
In other, less troubling Steam news, the Steam Deck will launch in December. Valve has already promised that it'll be the most powerful handheld gaming device ever released, giving players the chance to access their entire Steam library on the go. Will I play The Witcher 3 for the sixth time? Yes. Yes I will.
Featured Image Credit: Valve