clock menu more-arrow no yes

Filed under:

Steam acknowledges, resolves password exploit compromising some accounts

New, 12 comments

Steam has acknowledged that a password-reset exploit compromised numerous accounts, some held by well known streamers and gaming professionals, Kotaku reports.

The exploit has since been resolved and Steam has forced password resets on accounts showing suspicious activity. It doesn't appear to be a widespread breach but it was enough to get a response from Valve Corporation.

The exploit lasted from Tuesday to Saturday, Steam said. Kotaku posted a video showing how the password reset feature could be used to get access to an account knowing only its username.

Accounts using "Steam Guard," the service's two-factor authentication, were not exposed to the vulnerability, Valve said.

"Please note that while an account password was potentially modified during this period, the password itself was not revealed," Valve noted in its statement.