Valve Fixed A Security Flaw In Our Steam Wallets!

TECH NEWS – A security researcher noticed a security gap in Valve’s system, and Gabe Newell’s company paid him for his discovery.

Valve had a flaw that could have significantly hit the company’s income: had more people known about it, Steam wallets would have held a lot more money than they were supposed to. In short, the flaw allowed anyone to falsify the amount of money in their wallet. For instance, you could have turned a one-dollar deposit into a one-hundred-dollar deposit, a 100x difference… and since Valve is nowadays spending a lot of money on manufacturing the Steam Deck, it would have hurt them badly.

How could this exploit be used? It took two moves: changing the account’s email address to one including “amount100,” then intercepting a message to the API of a payment company (Smart2Pay). With both of these in place, you could fake the amount your wallet had.

The writeup for the hack was then posted on the white-hat bug bounty site HackerOne by a researcher using the handle drbrix. (Don’t worry, white-hat hackers are ethical hackers who notify the company whose flaws they discovered. So nothing harmful.) Valve noticed the issue and looked into the case to see if they could recreate the defect.

Drbrix first posted the bug as a “medium” priority, saying, “I think the impact is pretty obvious, an attacker can generate money and break steam market, sell game keys for cheap, etc.” (So it would have gone beyond GREY market reselling into the BLACK market, given how the keys would have been created for a fraction of the price…) Valve then tested the exploit, tried a fix, and subsequently upgraded the bug to “Critical” severity. It was followed by a 7500 USD payout, “reflecting the potential cost to the business. We hope to hear more from you in the future,” the Valve staff said.

“Thanks to the person who reported this bug, we were able to work with the payment provider to resolve the issues without any impact on customers,” Valve told The Daily Swig. Still, they did not say whether anyone had abused the potential exploit.

Source: PCGamer

Anikó, our news editor and communication manager, is more interested in the business side of the gaming industry. She worked at banks, and she has a vast knowledge of business life. Still, she likes puzzle and story-oriented games, like Sherlock Holmes: Crimes & Punishments, which is her favourite title. She also played The Sims 3, but after accidentally killing a whole sim family, swore not to play it again. (For our office address, email and phone number check out our IMPRESSUM)
