Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.
A large password-reset exploit was discovered in Valve's Steam, which resulted in many users losing access to their accounts.

A Password-Reset Exploit on Steam Now Resolved

A large password-reset exploit was discovered in Valve's Steam, which resulted in many users losing access to their accounts.
This article is over 9 years old and may contain outdated information

A bug was discovered on Steam where some users temporarily lost control of their accounts, but was quickly resolved by the Steam security team.

Recommended Videos
How the Exploit Worked

It may seem like a difficult series of actions to hijack a Steam account, but the exploit was discovered to run through the “lost password” section within Steam support. From there all that was required to gain access was the person’s username, then reset the password, and lastly set a new one to gain access to the account. During this process a verification email wasn’t required.

Valve has divulged information regarding the exploit, and that they discovered it on July 25th, but accounts may have been affected from July 21st – July 25th. Valve has released a statement on this security flaw. 

“To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.

Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.

We apologize for any inconvenience”. – Valve

Speaking as someone who has hundred’s of dollars worth of video games on their Steam account, this is a very scary incident that has taken place. I would be devastated if I lost access to my account, and immediately seek out Valve for aid.

Were you affected by this password exploit on Steam? Has an incident like this happened on a different program? Share your stories below.


GameSkinny is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
Author
Image of Courtney Gamache
Courtney Gamache
An online college student studying Business Administration and International Business at SNHU. I play a lot of different games, but I prefer management ones, including Minecraft, RollerCoaster Tycoon, Borderlands, and Assassin's Creed.