Valve, the leading gaming and virtual reality software company, recently made headlines for having gone fifteen months without patching a high-severity flaw. Security researchers found this flaw and reported it to Valve back in December of 2018, but Valve neglected to issue an update until March of 2020. During this period, a hacker was able to take advantage of the bug and gain unauthorized access to user accounts.
Valve’s vulnerability was part of the Steam Client service and stemmed from the company’s failure to properly guard and validate the Steam protocol’s authentication messages. The vulnerability allowed malicious users to gain access to accounts and other user information without any authentication: the attack could be executed without any logins or passwords. This meant that any user could have had their private data compromised and no one would have been any the wiser.
Because Valve failed to address the vulnerability for over a year, the hacker was able to exploit the bug and compromise numerous accounts. She even took to her Twitter account to brag about her exploits, sparking an outcry from Valve’s user base.
In the wake of the incident, Valve had no choice but to take action and issued an update in March of 2020 that fixed the vulnerability. Furthermore, the company has ramped up its security measures, adding additional authentication systems and better protection for user data.
Despite the patch, users should still exercise caution when using Valve’s services and ensure that their accounts are properly secured. As demonstrated by this incident, hackers will often look to exploit vulnerabilities in software and services if they are not patched in a timely manner. Therefore, Valve users should update their software as quickly as possible to stay secure.