PAUSED
DOUBLE CLICK TO RESUME
LOADING
Valve pays out $20,000 after breach
Valve have paid 20,000 to a researcher who could have generated all the Steam keys he wanted!

hacker discovers a bug in valve's steam marketplace.

541197-steam-logo-640x360.jpg

Security specialist, Artem Moskowsky discovered a flaw in the popular game platform Steam, that enabled users with access to Developer Mode to generate unlimited game keys for any game they wanted to buy but he decided that instead of abusing this glitch and giving himself every game on the platform, or reselling games, he would bring the bug to the attention of Valve, who have taken the initiative to reward him with $20,000 over his discovery.


The hacker said that he discovered the bug randomly and that it could have been used by any person who had access to the portal. He mentioned that all he had to do was "Bypass the verification of ownership of the game" and by doing that he was able to get "any set of keys".  He insists that anyone would have been able to figure this glitch out should they have had the intent to do so. 


Moskowsky decided that he would show the issue by entering a random string of letters and numbers into a request and by doing so he ended up with over 36,000 activation games for the popular game, Portal 2. At the full price, that would have been $360,000 worth of keys which he could have offloaded at 95% of the price and made a staggering amount of money, which shows why Valve decided to give him such a notable pay for finding this glitch.


Valve has been used to paying ethical hackers for some time now and has already paid Moskowsky over $50,000 as he found another critical flaw in the system in July. Steam have immediately fixed the bug and despite its possibility of being quite disastrous for the company, they have said that they are unable to find any record of any person using this glitch in the past.


Would you have reported this to valve or taken advantage of the find?
Let us know in the comments below!

Comments
Zenternal
5 months ago
tfw you call a security specialist a hacker