English
German
Portuguese
Spanish
Romanian
The potentially-costly trick involved changing your email and was found by a user on Hackerone
A security researcher on Hackerone recently submitted an exploit that could be used on Steam to gain unlimited funds. The exploit has since been patched by Valve and the company awarded the user who discovered this exploit $7500.
Hackerone is a site that connects companies like Valve with users who like to hack and tinker with websites, apps, and other pieces of software. These folks can submit exploits and hacks to companies privately and then in exchange, these tech companies can award hackers money for their finds. It’s a system that has a track record of helping squash nasty exploits before they can go public.
On August 9, Hackerone user Drbrix privately alerted Valve to a Steam Wallet exploit that involved changing your email address and intercepting transactions that use any Smart2Pay payment method. You can read about the full method of attack and how it works via the Hackerone report, which became public on August 1o and was spotted by The Daily Swig and NME a few days later.
Read the full article on Kotaku
