A security “loophole” has been blamed for multiple Steam accounts getting hijacked over the weekend.
Said loophole allowed anyone to reset a Steam account password, providing they had the account name. No further verification was needed to do the password reset.
The flaw has been fixed, though Valve has told Kotaku that accounts were potentially affected from 21-25 July. As such, they’ll be resetting any “suspicious password changes during that period”.
“Please note that while an account password was potentially modified during this period the password itself was not revealed,” Valve continued. “Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.”
This article may contain affiliate links, meaning we could earn a small commission if you click-through and make a purchase. Stevivor is an independent outlet and our journalism is in no way influenced by any advertiser or commercial initiative.
