Steam, the popular online storefront and social tool on the PC and Mac, was the target of hacking over the weekend. Video game blog Kotaku notes that the targets of the hacks included prominent names in the online gaming community such as streamers and e-sports stars.
According to Kotaku, the attacks make use of a security loophole in Valve's lost-password system that allows infiltrators to potentially seize control of a user's account simply by knowing the account's user name.
Another website, Dual Pixels, notes that commenters on popular discussion boards like NeoGAF and Reddit have also reported malicious activity on their accounts from as early as last Tuesday, July 21:
There have been reports from individuals on NeoGAF, Reddit, and Twitch TV that Steam has been hacked. Streamers Summit1G, Phant0ml0rd, Goldglove, and JoshOG reported that they lost their accounts. Reddit user ryugarulz reported they lost items from their account on July 21st when a user logged into the account and Steam never sent an email requesting a new PC login.
A video on YouTube shows how to make use of this security breach to gain access to a user's account. It is quite alarming that a service as big and widely used as Steam could have such a glaringly obvious weakness in its security, but Valve, the company behind Steam, says they have sorted out the issue. Here's their official statement:
To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users log in to their account via the Steam client and set a new password.
Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.
We apologize for any inconvenience.