Gamasutra: The Art & Business of Making Gamesspacer
View All     RSS
December 14, 2018
arrowPress Releases






If you enjoy reading this site, you might also want to check out these UBM Tech sites:


Hacker gets $20K from Valve for unearthing bug that generates free Steam keys

Hacker gets $20K from Valve for unearthing bug that generates free Steam keys

November 13, 2018 | By Chris Kerr




Valve has paid a $20,000 'bug bounty' to security researcher Artem Moskowsky after he discovered a bug that would've let people grab Steam game codes for free. 

As detailed by the company on HackerOne, the bug let anyone with access to the Steam partner portal download the previously-generated keys for any game by taking advantage of "specific parameters."

Moskowsky actually discovered the issue back in August, but it took Valve until October 31 to resolve the problem. Even so, Valve claims there's no evidence of the bug being exploited, meaning it managed to escape the notice of someone with less honorable intentions. 

To give you a flavor of how the situation might've unfolded in the worst timeline, Moskowsky told The Register he managed to get his hands on 36,000 keys for Portal 2, which still costs $9.99 on Steam. 

"This bug was discovered randomly during the exploration of the functionality of a web application. It could have been used by any attacker who had access to the portal," he explained. 

"To exploit the vulnerability, it was necessary to make only one request. I managed to bypass the verification of ownership of the game by changing only one parameter. After that, I could enter any ID into another parameter and get any set of keys."

Luckily for Valve, Moskowsky -- who's established himself as a rather prolific bug hunter -- made the company aware of the problem and gave it plenty of time to cook up a fix. Bullet dodged. 



Related Jobs

Wombat Studio
Wombat Studio — SANTA CLARA, California, United States
[12.13.18]

Graphics Engineer (Tech Art focused)
Cold Iron Studios
Cold Iron Studios — San Jose, California, United States
[12.13.18]

Console Gameplay Engineer
Cold Iron Studios
Cold Iron Studios — San Jose, California, United States
[12.13.18]

Infrastructure Engineer
Cold Iron Studios
Cold Iron Studios — San Jose, California, United States
[12.13.18]

Site Reliability Engineer









Loading Comments

loader image