Technology, Top News

Steam pays £15k to dev who discovered free product key exploit

Steam could have crashed, leading to a lot of hot air and being hauled over coals

GAME PORTAL MAKER Valve has handed out a huge bug bounty after a potentially crippling exploit was discovered in the Steam platform which allowed users to generate thousands of free product keys.

Security research Artem Moskowsky was digging around in the partner portal (the bit that content generators use) and discovered that things were amiss.

There’s a little glimpse behind the velvet rope required for this. When a site like ours wants to review a piece of software, or the creator wants to give it away as a gift or in a competition, the portal allows them to generate licence keys to give out.

Mr Moskowsky found that by modifying the request to bypass verifying ownership of the game in question, he could create as many licence keys as he wanted, each with the full market value of the product in question.

This was entirely done by changing a single parameter of the request. These keys can then be given away or sold on the black market.

Valve has confirmed that the bug is now fixed and that as far as it can tell, nobody ever used the exploit.

Nevertheless, the potential for destruction caused if this bug had been discovered by less honest parties could have cost Steam and potentially indie developers, tens or even hundreds of thousands of pounds in lost revenue.

In recognition of this, Mr Moskowsky was given $20,000 (£15.5k), with a further $5,000 ($3900) for making the disclosure privately to Steam, allowing them time to fix it before it became public knowledge.

Earlier this year, Steam was brought to Android for the first time using the Steam Link app, which allows users to stream from a compatible computer to a locally networked device.

Steam has maintained a policy of allowing all games providing they meet relevant laws and standards. However, occasionally a title may choose not to be a part, most recently Fallout 76, expected to be one of the best selling titles this Chrimbletide. μ

Further reading

Source : Inquirer

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend