Even Steam is not infallible. Last April, we learned that Valve's platform invitation system allowed hackers to take control of your PC. This weekend, a new bug was brought to light by a security researcher, rewarded for his discovery.
The flaw in question, in connection with the Steam wallet, made it possible to inflate the amount available in the hackers' virtual wallet.
Read also:
CS:GO: a bug allows hackers to take control of your PC
Full of fake money
It all started with the discovery of a security researcher, working under the pseudonym "drbrix", via the HackerOne platform. The latter said he had identified a flaw allowing hackers to increase the amount of their Steam wallet.
A problem that quickly came to the ears of Valve teams, including those of JonP. According to the explanations of “drbrix”, the hackers had to register on their Steam account an e-mail address in which the terms “amount100” appeared.
It was then possible for them to intercept payments made through Smart2Pay and increase them artificially. Valve confirmed that the description given by "drbrix" was relatively close to the approach used by the hackers.
In response, the company quickly classified this problem as critical, judging that it could have a significant financial impact for the company, and rewarded the security researcher, up to 7 dollars.
While Valve has since resolved the issue and hopes that users will continue to help in the future, no communication has been made regarding the exploitation of this flaw and we do not know if it has actually been used. by hackers.
