Last week, several Steam users had their accounts hacked via a glitch. While Valve initially labeled the glitch as only a “bug,” it recognized that there was a larger problem on Saturday, July 25, and fixed it immediately.
Below is a video showing how accounts could be accessed by hackers:
Hackers only needed an account’s name to gain access to it. They would go to the Lost Password page on Steam, enter the account name, select “Email an account recovery code to ‘account’s email address’,” and then press Continue without entering an actual recovery code. Hackers would then be able to set a new password.
Valve said that “to protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Please note that while an account password was potentially modified during this period, the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.”
Follow Rob Shimshock on Twitter.