[BLOG] Steam accounts lost in reset exploit; fixed now

[PredictedCyborg]

This is a blog post. To read the original post, please click here »

Another Steam bug recently surfaced that let users reset passwords for accounts they did not own. Fortunately Valve were quick off the mark in fixing it, but not before a number of people lost access to their accounts for a few hours.



The issue was dependent on the knowledge of the account's username, and since that is common knowledge it was easy enough to get password resets sent for accounts. Unsurprisingly a large number of more well known people such as streamers and Youtubers were affected by this, although thanks to a previous change that implemented a five-day ban on trading from accounts that change password or e-mail there was no mass looting of digital items from accounts affected and the majority of people now have back their own accounts.



If you're interested, a user on Reddit made a video detailing exactly how it worked: