Valve recently discovered and corrected a security flaw in Steam that would allow hackers to add cash forever to their Steam Wallets. Because account users utilize the Steam Wallet to store cash and purchase games, if the bug had gone undiscovered, it might have caused catastrophic harm to the enormous online gaming industry.
Valve is most known for Steam, one of the most popular platforms for sharing and selling video games online, even though it recently made news with the powerful Steam Deck portable launch. Steam is utilized by both big AAA companies and tiny independent studios, with a number of smaller games getting a lot of traction on the platform.
Valve is featured on Hackerone, a platform that allows freelance programmers to interact with large corporations due to its prominence in the gaming industry. These programmers frequently attempt to find possible flaws in websites and apps such as Steam. This may help avoid problems like the recent hacking attack on Call of Duty: Warzone in the game world.
According to a Kotaku story, a Hackerone programmer appears to have been successful in averting a potentially catastrophic Steam hack. Steam users may theoretically add an infinite amount of cash to their Steam Wallets using an exploit connected to the Dutch payment network Smart2Pay, according to the programmer known as drbrix.
In other words, by selecting this payment option during checkout while using a certain email, hackers may intercept the transaction and inflate a deposit much above its initial value. Thankfully, drbrix shared this information with Valve and was compensated $7,500 for his work. Valve then released a patch to prevent this exploit from happening again.
As the Kotaku article points out, $7,500 seems like a pittance for finding such a major security flaw in Steam. Gaming firms face significant financial danger from malicious hackers. The data attack against EA this summer is a recent illustration of this hazard. The vulnerability discovered by drbrix has the potential to do considerably more harm since attackers may use it to shut down the Steam marketplace basically.
Whether Valve’s reward was fair in comparison to drbrix’s accomplishment, Steam customers may rest easy knowing that a major vulnerability has been resolved. However, such a blatant security flaw in Steam raises concerns about the platform’s general trustworthiness. Hopefully, this limitless Steam Wallet vulnerability is only an exception in an otherwise trustworthy online marketplace.