A security researcher from Hackerone recently submitted an exploit that could be used on Steam to obtain unlimited funds. The exploit has since been patched by Valve and the company has awarded the user who discovered the exploit $ 7,500.
hacker is a website that connects companies like Valve with users who love to hack and tinker with websites, apps, and other software. These people can privately submit exploits and hacks to companies and in return, these tech companies can pay hackers money for their discoveries. It’s a system that has a track record of suppressing nasty exploits before they can go public.
August 9th hacker User Drbrix privately brought Valve to the attention of a Steam wallet exploit This involved changing your email address and intercepting transactions using any Smart2Pay payment method. The full attack vector and how it works can be found in the Hackerone report, published August 10th and discovered by The daily sip
“I think the effects are pretty obvious, attackers can generate money and break the Steam market, sell game keys cheaply, etc.,” wrote Drbrix in hers hacker Report.
As expected, Valve was quick to respond to Drbrix’s post. A Valve employee on the website named JonP thanked Drbrix for his find and stated that Valve had been quick to validate their reports and are taking steps to fix the problem. In a follow-up message from JonP it was stated that the report was “clearly written” and “helpful in identifying a real business risk”.
Valve then paid Drbrix $ 7,500which is nice but doesn’t seem enough. If this exploit had gone public or shared with a few small groups, it could have cost Valve a lot more than $ 7,500. Come on valve. Last year, Riot offered people $ 100,000 for finding it Appreciation Uses.
After everything was cleared and fixed, Valve and Drbrix released the full report.