Steam accounts hacked, make sure yours is secure
Steam accounts hacked, make sure yours is secure
Steam accounts are usually secure, and Valve keeps a tight lid on security to prevent lapses. Usually, if an account's hacked, the fault lies with the person who got hacked, due to phishing or simply not using a secure password.
This time around though, the fault was mostly Valve's. The company behind the world's biggest online gaming platform had a pretty egregious bug on its password recovery system. Unscrupulous users discovered what Valve is calling a bug in the recovery system, which allowed anybody to gain access to an account if they had the username.
Valve of course offers free two factor authentication in the form of Steam Guard. Steam Guard sends you a code (via email) whenever a new computer tries to access your account. If it's a valid login, you just enter the provided code into Steam to authenticate. If not, you can report it to Valve, or simply ignore it as without the Steam Guard authentication code, your account is still safe.
Obviously, those who lost their accounts weren't using Steam Guard. Of course, there's still some fault on Valve's part for letting such an obvious bug slip through.
Valve's taken the initiative on the matter though. It vows to tighten security checks, as well as alert owners of suspicious account activity (such as the changing of passwords) during the vulnerable period. If you get an email saying to change your password, don't treat it as another phishing scam and actually do change it.
Source: Steam
Via: Kotaku