Valve’s Steam is the biggest platform in the PC gaming market, housing millions of accounts all over the world, and in most cases people have invested thousands of dollars into their own accounts.
Valve has yet to make a statement on the situation, but a video was published which showcased a huge flaw in Steam which allowed users to abuse the “forgotten password” feature in Steam’s log-in service, completely bypassing the stage where they have to enter a security code, and being granted access to reset the password of the account. This means that they could take over any account and lock the original owner out. All you would need to hack an account is a user name.
Valve have closed the loophole already, so don't worry. However, it was too late for many users. A huge amount of damage was done to many users. Among the affected are various prominent Twitch streamers, who’ve had their accounts hijacked and locked down. Valve have apparently started to impose a 5-day “ban” on accounts that have been compromised in the incident, but it’s not clear if there will be any additional consequences for those who have been affected.
Users who actively trade on the Steam Market have been worried that they might lose some of their hard-earned items, which is a real danger now that their accounts have been compromised. This is one of the main reasons for the 5-day lockdown, as it would allow Valve to carefully sort out the situation without people trading and getting in their way.
Steam users are advised to keep an eye on their e-mail accounts. If an e-mail related to password recovery is received, the user should definitely not ignore it, and proceed to verify that their account is still accessible.
It’s important to note that the information contained in the e-mail itself is not necessary to carry out the attack. Receiving this e-mail is simply a sign that the user is being targeted with the attack. However, some have reported that even changing their password has been ineffective, as the hackers are able to simply keep resetting it over and over again, and there was no good way to stop them. However, as we pointed out already, the situation has been fixed by Valve already. If you have not logged in for a few days, it might be wise to log in now and make sure everything is ok.