Steam accounts belonging to several prominent streamers were temporarily stolen when attackers discovered a flaw in the gaming platform’s password reset system. There is no telling how many people were affected by the problem, although it has been solved and most of the stolen accounts returned to the rightful owners.
The security loophole was embarrassingly easy to exploit, and only required the attacker to just request a password reset. The page that requests a recovery code can be circumvented by just leaving the field empty and pressing the button. As a result, the attacker could easily hijack the account with a new password. Provided that the owner of the account did not secure the account with two stage verification.
https://www.youtube.com/watch?v=QPl_BJoBaVA
Steam said that the bug only affected a small number of users between 21 -25 July. Meaning people were only vulnerable for four days, which is a terrifyingly long time for such an important account to be left open to attackers.
This is another argument for all Steam users to take advantage of the additional security measures made available by Valve. Two stage authentication is an additional layer of defenses in the event that a security breach takes place. It may not be the final answer in security, but it does make it harder for people to steal accounts.
[Source: Kotaku]
