Valve apologies for Steam account hijack bug
July 27, 2015 // 12:51 p.m.
Game publishing giant Valve has apologised for a flaw in its Steam digital distribution platform that saw numerous accounts hijacked last week, blaming a software bug for the issue.
Valve's Steam platform is one of the most popular distribution services around, largely thanks to its required use for the company's own games and heavily-discounted sale prices several times a year. With millions of users, though, it's a prime target for ne'er-do-wells - and a bug in the platform allowed many accounts to be hijacked by said wrong'uns over the last week, thanks to what Valve is claiming was a software bug.
'On July 25th we learned of a Steam bug that could have impacted the password reset process on your Steam account during the period July 21-July 25. The bug has now been fixed,' the company explained in an email sent to users whose passwords had been changed - legitimately or otherwise - during the period. 'To protect users, we are resetting passwords on accounts that changed passwords during that period using the account recovery wizard. You will receive an email with your new password. Once that email is received, it is recommended that you login to your account via the Steam client and set a new password.'
The company has stated that the original password was never revealed to the attackers, and neither was any internal system compromised: the flaw was limited to an issue with the account recovery wizard, which allowed attackers to reset the password for any account without access to the account's original email address. Those who use Steam Guard, the company's two-factor authentication system, were protected even if the password was changed, Valve has added.
Those who have received the email are advised to reset their passwords in order to regain access to their accounts, and to check for any unauthorised activity while the account was in another's control.