Steamis one of the most popular PC gaming platforms available, being a host of some of the most popular games available today. With its frequent use and large userbase, the platform is built to prevent certain exploits to be used. Some ofSteam’s exploits are patchedfor good reasons, such as when Valve’s old code allowed for access to sensitive information such as passwords and billing information, while others allow for straight-up cheating in some of its games. The latest exploit to be patched could have been potentially one of the most catastrophic to the platform if it wasn’t found.
The exploit was found by a group of hackers on a site known as Hackerone. This site allows for hackers to connect with companies like Valve to tinker and hack through its sites, applications, and software. These allow for private communication between the company and hackers to discover any exploits that could potentially endanger its userbase, where theseethical hackers are then rewardedfor finding these vulnerabilities before they go public.
RELATED:Valve Uploads Ad for Steam Deck
The latest report submitted from Hackerone to Valve involves an exploit that allows for users to falsely add infinite money to theirSteamwallets. Valve was alerted by this exploit by a user known as drbrix. The bug allowed for a player to receive an “amount100” in their Steam account’s email address, which will then intercept payments made in Steam’s Smart2Pay system, along with artificially inflating them.
This flaw, as detailed in the report by drbrix, could impact the entire platform of Steam. An example given in the report was an attacker could instantly generate any amount of money they desire, breaking the market bybuying and reselling Steam game keys for cheap. As this was an important issue that needed to be resolved on Valve’s end, one employee, known as JonP, thanked drbrix for his contribution and confirmed this was a critical issue that Valve would look into.
The hacker was then awarded $7500 for his efforts in finding this exploit, with the problem being resolved rather quickly after its discovery. A spokesman from Valve commented on the matter with The Daily Swig. “Thanks to the person who reported this bug we were able to work with the payment provider to resolve the issue without any impact on customers.” Currently there’s no word from Valve in regards to if the vulnerability had affected any of its users, if it has beenabused by any malicious hackersor if the issue was resolved before things could have gotten out of hand. Regardless, thanks to this hacker, aSteammarketplace crisis has been averted.
MORE:Custom Steam Deck Colors Could Mean Bigger Things on the Horizon
