Valve Fixed A Security Flaw In Our Steam Wallets!

General news News PC PC News
0 519 Views
hacker - Daybreak Games was attacked in 2013 and took weeks to recover. Justice is done in 2019.

TECH NEWS – A security researcher noticed a security gap in Valve‘s system, and Gabe Newell’s company paid him for his discovery.

 

Valve had a flaw that could have significantly hit the company’s income, because if more people knew about it, then the Steam wallets would have held a lot more money than they were supposed to. In short, the flaw allowed anyone to falsify the amount the wallet had. For instance, you could have turned a one-dollar deposit into a one-hundred-dollar deposit, which is a 100x difference… and since Valve is nowadays spending a lot of money on manufacturing the Steam Deck, it would have hurt them badly.

How could this exploit be used? It was accomplished by changing the account’s email address to one including “amount100,” then intercepting a message to a payment company API (Smart2Pay). If you made both of these moves, you could fake the amount your wallet had.

The writeup for the hack was then posted on white-hat hacking bug bounty site HackerOne by the handle drbrix. (Don’t worry, white-hat hackers are ethical hackers who notify the company whose flaws they discovered. So nothing harmful.) Valve noticed the issue, and they looked into the case to see if they can recreate the defect.

Drbrix first posted the bug as a “medium” priority, saying, “I think the impact is pretty obvious, an attacker can generate money and break steam market, sell game keys for cheap, etc.” (So it would have gone into not just GREY market reselling but the BLACK market, given how the keys would have been created for a fracture of the price…) Valve then tested the exploit, tried a fix, and subsequently upgraded the bug to “Critical” severity. It was followed by a 7500 USD payout, “reflecting the potential cost to the business. We hope to hear more from you in the future,” the Valve staff said.

“Thanks to the person who reported this bug, we were able to work with the payment provider to resolve the issues without any impact on customers,” Valve told The Daily Swig. Still, they did not say whether anyone had abused the potential exploit.

Source: PCGamer

Spread the love
Tagged
Avatar photo
Anikó, our news editor and communication manager, is more interested in the business side of the gaming industry. She worked at banks, and she has a vast knowledge of business life. Still, she likes puzzle and story-oriented games, like Sherlock Holmes: Crimes & Punishments, which is her favourite title. She also played The Sims 3, but after accidentally killing a whole sim family, swore not to play it again. (For our office address, email and phone number check out our IMPRESSUM)

Related Articles

A relatively relaxed minimums leave room for eye-popping ray tracing specs in the new Dying Light

Dying Light 2: Stay Human Now Compatible with PlayStation 5 Pro!

Nov 16, 2024 35 Views
Lords of the Fallen introduces an all-new, epic RPG adventure in a vast, interconnected world more than five times larger than the original game.

Lords of the Fallen: “A High-End PC for PlayStation 5 Pro Will Cost More!” [VIDEO]

Nov 16, 2024 49 Views
There are no details on the new Blizzard game yet, but it is understood to be in the early stages of development.

Blizzard Seeks Developers for New Open-World Shooter Game!

Nov 16, 2024 46 Views
MOVIE NEWS - Daisy Ridley speaks out after disappointing news about Rey's Star Wars sequel...

Disney Rewrites Star Wars Plans with a Shocking Sequel Choice Taking Its Place!

Nov 16, 2024 51 Views
MOVIE NEWS - We asked ChatGPT what to expect from Liam Hemsworth as Geralt of Rivia in the fourth season of The Witcher.

Liam Hemsworth Steps Into Henry Cavill’s Shoes as a ‘Witcher Fan’ – But What Does That Really Mean?

Nov 16, 2024 65 Views
Designed by fans of Halo Infinite, the split-screen co-op mode supports up to four players.

Is Halo Coming to PlayStation 5? Xbox Fans Are Divided

Nov 16, 2024 62 Views
GSC Game World apologises for the delay of S.T.A.L.K.E.R. 2 but sees extra development time as necessary to polish the shooter

STALKER 2: A Player Calls Out Devs, Gets Banned, and Then Receives an Apology!

Nov 16, 2024 54 Views
In addition, Ubisoft's financial report also mentions the expansion of the "games as a service" market...

Ubisoft’s Moves Raise Questions – What’s Really Happening Behind the Scenes?

Nov 16, 2024 54 Views
REVIEW – Final Fantasy VII Remake set a new standard: breathtaking visuals, an expanded narrative, and immersive combat. From the demo, it was clear Final Fantasy VII Rebirth was set to follow in its footsteps, but does it maintain this excellence through to the final credits?

Big News for Final Fantasy VII Remake Fans: Huge Progress on the Trilogy’s Final Chapter

Nov 16, 2024 73 Views
GTA: The Trilogy - The Definitive Edition is now available on Nintendo Switch and several other platforms

Rockstar Sparks Drama Over GTA Trilogy Credits – Devs Hit Back

Nov 16, 2024 44 Views

No comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Hot News

theGeek TV

Copyright © 2014 GameCorner. Ltd. Impressum Data Protection Statement