Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.

Steam Has Fixed A “Loophole” That Leads to Multiple Accounts Being Hacked

Your Steam account is safe once again.
This article is over 9 years old and may contain outdated information

Steam has announced that earlier today they finally fixed a bug that led to multiple accounts being hacked in the last week. According to Kotaku, the accounts of some prominent streamers and DOTA 2 professional gamers were hijacked during this time.

Recommended Videos

The bug, which is now fixed, was the result of a security “loophole” which allowed anybody anywhere to gain access to whatever account they wanted by using Steam’s Lost Password system. All they needed was the account’s username and then they could change the account’s password to whatever they wanted.

A Valve spokesperson told Kotaku that they learned of this bug on July 25th and “that [it] could have impacted the password reset process on a subset of Steam accounts during the period July 21-July 25. The bug has now been fixed.”

In a statement released on Kotaku, Valve said that:

To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected.

Gamers whose passwords were changed during this time will receive an e-mail from Valve with a new password, and they recommend that those who get this e-mail log into their accounts and create a new password. The statement also mentioned that while passwords were changed during this time, the original password was never revealed and that users with Steam Guard on were protected.

Here is the full statement that Kotaku released from Valve:

To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.

Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.

We apologize for any inconvenience.

So what’s your opinion on how Valve have been dealing with this problem and did you have trouble logging into your account last week? Let us know in the comments below.


Twinfinite is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
Author
Image of Damian Skinner
Damian Skinner
An Irish liberal arts student with way too much time on his hands who when not obsessing about Monster Hunter, RPGs or some random account he recently found on YouTube he can be found writing for Twinfinite.