The vulnerability of Steam, which officially provides free balance to users, was recently discovered by a security researcher. Valve rewarded the person who found this vulnerability, which could cause great damage, with a minimum of 1 salary.
The vulnerability uncovered by the researcher allowed users to top up their Steam wallet balances for free. The person who noticed this informed Valve about the situation. The problem is fixed, if the security researcher received a $7,500 prize.
Security researcher probably saved Steam from a huge waste
A security researcher found under the name ‘drbrix’ on a site called HackerOne, on Steam who tricked them into loading money into their wallets discovered a vulnerability. The vulnerability, which can be exploited by creating a fake ‘Smart2Pay’ payment, was shared by ‘drbrix’ in detail on HakcerOne.
The researcher said that the vulnerability could cause major problems on Steam; Steam shop can be crashed with free shopping or added a warning that a user can sell the games they bought for free at the end of the post. A Valve official who saw the post thanked him and reported that they started working on the problem. After the problem was resolved, Valve sent $7,500 as a reward to the person who found this huge flaw. Judging by the comments of the post, this award made ‘drbrix’ very happy. However, if he had not reported it himself, Valve could have suffered a great loss.
Valve has not made a statement about whether this vulnerability has been exploited by a hacker so far. But even if he had used it, we think that if there was a significant loss, the company would have noticed it.