Hacker got Rewarded for Discovering a Critical Steam Bug
ArtemMoskowsky, a security researcher, came across with a Steam bug that provided him the access to numerous free keys for various games that are available on digital distribution platform. After finding the bug, the security researcher in place of reporting the exploit, reported about the bug to Valve to get a reward of $20,000.
Moskowsky informed the Register that the vulnerability was discovered accidentally, when he was browsing through the portal of Steam partner. Steam partner is a website where the developers manage games which may be downloaded.The security researcher, who has taken up bug hunting professionally, first saw that changing the parameters of API request is very easy, and therefore got an access to some of the games' activation keys.
API is the one which gives permissions to the developers to acquire license keys for the gaming, which are then passed on to the gamers. Moskowsky commented that these keys when fall in the hands of the hackers who has got the access of steam partner portal, will misuse the same by generating numerous activation keys for the games on Steam. Also, it is really easy to act as a developer in order to gain an access to partner portal, and therefore anyone can take advantage of this vulnerability.
As per Moskowsky, he was checking the severity of the Steam bug and into API request entered a random string. Just by doing so for portal 2 he received around 36,000 activation keys, which is sold at 10 dollars on Steam portal, in a single command for a total amount of around 3,60,000 dollars.
Now, the Steam bug has been recorded on HackerOne - the bug bounty website, in which Moskowsky has also reported the bug exploit to Valve on 7 August 2018. After the report, Valve within a few days patch-up the vulnerability, and gave away the award to Moskowsky, which is dollar 15,000 total money and dollar 5,000 bonus money.
Valve was really fortunate that the bug exploit was discovered by Moskowsky an honest hacker. The reward of dollar 20,000 given to him is nothing when compared with the possible loses that might have occurred when the bug would have gone into wrong hands and the hackers would have got activation keys for all the games on the platform.
» SPAMfighter News - 11/21/2018
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!