He could get thousands of keys for games in Steam library

Nov 12, 2018 20:17 GMT  ·  By

A security researcher found a bug in the Steam developer portal that would allow him to obtain any game available in the store.

Steam and all of its portals are now a big enough entity to gather holes and problems that still unknown to the broader public. One of the ways to fix is to pay security researchers to find them before anyone else, and before they become a problem.

The current issue was revealed by Artem Moskowsky, who managed to find another problem with the Steam developer portal a few months ago. While the possible outcome could have been catastrophic, the exposure wasn’t relevant for the larger public.

The developer Steam portal needs some work

Artem found the problem within the Steam developer portal, which is only limited to developers, obviously. It’s not the overall Steam client or website, and that’s a little bit reassuring. Not everyone would have had access if the bug ever became public.

According to a report on The Register, a potential hacker could have used the vulnerability to get a large number of keys for pretty much any game available right now in the library. The official functionality for this option is to give developers a way to provide keys to gamers and reviewers.

In one instance, using the vulnerability, Artem could have retrieved 36,000 keys for Portal 2, which coincidentally is a game developed by Valve. The researcher notified Valve about the issue, and they fixed it immediately. The problem was then officially reported a few months after that.

Of course, Artem work didn’t go unrewarded. He received a total of $20,000, and it’s very likely that it’s not the last problem that he’ll solve for Steam and Valve.