GamingNews

Exploit in Steam that Allowed Hackers to Add Free Money to their Accounts Has Been Fixed

Valve has rewarded a security researcher will $7,500 for reporting a major vulnerability in Steam’s payment system. This flaw allowed hackers to add an unlimited amount of funds to their Steam wallets. The store refused to disclose whether anyone was able to actually able to exploit this flaw to add money to their wallets.

Researcher “drbrix” reported the exploit that allowed hackers to generate an unlimited amount of funds in their Steam wallets. The bug would allow players with “amount100” in their Steam registered email address to intercept payments via Smart2Pay.

After registering the account, users could continue to add funds to their Steam wallets with Smart2Pay as the payment method, free of charge. The selected amount could have been as little as $1 as attackers then intercepted the POST (data request to the server) request and manipulated it to change the actual amount.

Smart2Pay has not yet commented on the exploit, but a Valve spokesperson said the report has enabled the platform to work with the payment provider to resolve the issue without impacting customers.

Source: Hackerone (Via: nl.hardware.info)

Areej

Computer Engineering dropout (3 years), writer, journalist, and amateur poet. I started my first technology blog, Techquila while in college to address my hardware passion. Although largely successful, it was a classic example of too many people trying out multiple different things but getting nothing done. Left in late 2019 and been working on Hardware Times ever since.
Back to top button