Steam Has Been Hacked and Accounts Compromised

Valve is one of the most famous companies in the gaming industry and its Steam is the most robust platform in the PC gaming market. Millions of people from across the world own Steam accounts and some of these people have invested thousands of dollars on their personal accounts. That is basically the reason why the recent security breach that took place a few days ago must be taken seriously.

 Steam Has Been Hacked

Attackers were able breached Steam because of a security hole in its system, the bug allowed hackers to completely take over the target account with nothing at their end except username of arbitrary account.

The full details of the hack are still relatively unknown, but the information keeps coming out. Guys at Valve are yet to release an official statement concerning this recent mishap but if a demonstration posted on YouTube is anything to go by, then a hacker could exploit the ‘forgotten password’ feature in Steam’s log-in service, totally bypassing the stage of security code input and given direct access to reset the password of the account.

The most worrying thing about the situation is that all an attacker needs to execute this exploit is just the account name of a Steam user. It is still unclear whether Steam Guard’s protection is ample enough to stand against this exploit, as there have been a number of reports in the past from users that claim their accounts were compromised even with Steam Guard being active.

Valve have successfully blocked the loophole but sadly, a huge damage has already been inflicted on many of its users. Some of the affected users include renowned Twitch Streamers, whose accounts were hijacked and shut down. Consciously, Valve imposed a 5-day ban on all accounts that are marked as compromised but so far it is unclear whether there will be additional consequences for affected accounts/users.

Account users are bothered about the possibility of ‘VAC bans.’

Valve’s anti-cheat system has a reputation of enforcing permanent bans, even in situations where user accounts were hacked and hijacked, Valve typically never revert these bans.

However, users that actively trade on the Steam Market have been left disturbed about a situation where they might lose some of their hard-earned items, which is a real possibility as a result of many accounts been compromised. This could be the rationale behind the 5-day lock-down, as it could give Valve enough time and space to work things out without traders causing any distractions.

The news of the hack has been on for almost 24 hours, but Valve’s silence on the issue has been nothing less than worrying. Some are of the view that Valve should release a statement, notifying its users on the situation of things going on, so they can take steps to secure their accounts.

However, the company has not released any statement and it is still unclear when they are going to. The issue is being actively discussed on different social media sites, for example, Reddit- where it is widespread in most popular sections and also getting tons of attention.

Steam account users have been advised to monitor their emails. If an email related to the recovery of the password is received, it must not be ignored. Rather, users should proceed to check if their accounts are still active and accessible.

It should be noted that the information contained in the email is not an attack. Receiving this e-mail is just a sign that the account is under attack. Sadly, it has been reported that even changing the password has not been effective because hackers have the ability to reset it continuously.

These days, it is a MUST to activate Steam Guard, not just because of this particular issue but as a general means of securing accounts. Steam is very popular and it is only normal to assume that it is going to be occasionally targeted by cyber criminals and more incidents like this are going to become even more prominent in the future.

Hopefully, the company was able to get on top of things on its backend before the issue spread out of control, but it seems that much damage has been done already.

A lot of users are disillusioned and completely devastated with the situation and a scan around popular gaming forums is enough to confirm.

Most people are not really angry about the fact that the hack took place, the real anger amongst users, stems from the way Valve have been communicating with them concerning this weird issue.

Although Valve has already been known to be silent and secretive, but in times like this, communicating with all of its users and notifying them to at least check their accounts should be one of the first actions to take.

The situation is still developing, so affected users should follow the news and social media for information over the next few days. And of course, keep coming back here as we’re going to update this article as well.

Pierluigi Paganini Cyber Security Analyst; Member, European Union Agency for Network and Information Security Threat Landscape Stakeholder Group; Founder, Security Affairs Blog. Co-author of The Deep Dark Web: The Hidden World.
Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.