Internet-based digital distribution platform Stream has been hit by a major security flaw. According to The Next Web, a major fault has been revealed in Steam’s account login process that allowed the users to reset any account knowing only the target’s email address. Also Read - Instagram critical bug fixed by Facebook, could allow hackers to turn your phone into a spying tool
A hacker could abuse the ‘forgotten password’ feature in Steam’s log-in service and requesting a password reset code then visiting the special reset page and pushing OK. The reset page usually requests for a code that is sent to the users email address to verify their identity but it would also accept an empty code as valid. Also Read - PUBG Mobile: Grandson uses Rs 2.3 lakh for in-game purchases
So it was open for attack and anyone could break into a Steam account and change the password without needing access to the recovery email address. The bug is now fixed. Steam said that the bug affected only a small amount of accounts between July 21- 25. Also Read - Truecaller data of 47 million Indians breached, company denies
The company is resetting passwords on any affected accounts.