clock menu more-arrow no yes mobile

Filed under:

Steam acknowledges, resolves password exploit compromising some accounts

Owen S. Good is a longtime veteran of video games writing, well known for his coverage of sports and racing games.

Steam has acknowledged that a password-reset exploit compromised numerous accounts, some held by well known streamers and gaming professionals, Kotaku reports.

The exploit has since been resolved and Steam has forced password resets on accounts showing suspicious activity. It doesn't appear to be a widespread breach but it was enough to get a response from Valve Corporation.

The exploit lasted from Tuesday to Saturday, Steam said. Kotaku posted a video showing how the password reset feature could be used to get access to an account knowing only its username.

Accounts using "Steam Guard," the service's two-factor authentication, were not exposed to the vulnerability, Valve said.

"Please note that while an account password was potentially modified during this period, the password itself was not revealed," Valve noted in its statement.

The next level of puzzles.

Take a break from your day by playing a puzzle or two! We’ve got SpellTower, Typeshift, crosswords, and more.