Join The Community
Valve has had to fix a Steam exploit that allowed players to generate false credits to their Steam wallet balance.
While there's no word yet on whether or not unscrupulous players were able to successfully make use of the exploit, the issue came to light earlier this week on HackerOne courtesy of a security researcher who'd discovered that if a user had "amount100" as part of their Steam account email address, payments via Smart2Pay could be intercepted and amended, changing $1 deposits to, say, $100 while the payment debited from the bank account remained at $1.
As reported by The Daily Swig, after testing the API "in-flight" interception, Valve's JonP thanked the reporter, moved swiftly with the team to triage the issue, and confirmed that the researcher was correct and asked them to "please stand by" while Valve "assessed [the] severity" of the exploit.
Article continues belowLater that same day, the researcher was asked to retest the system, after which JonP felt compelled to reclassify the exploit as a "critical" one and awarded the researcher a $7500 bounty in thanks for reporting the issue.
"Thank you for this report," JonP said (thanks, NME). "This was clearly written and helpful in identifying a real business risk. We have changed the severity assessment to Critical, reflecting the potential cost to the business, and applied a bounty accordingly. We hope to hear more from you in the future."
While Spencer stopped short of confirming how, exactly, the streaming service will work on Steam Deck, it's the first time we've had confirmation that Microsoft's streaming service is compatible with Steam Deck.
Missed the big announcement of Valve's all-new Steam Deck? Compared by many to be the PC equivalent of the Nintendo Switch, the Steam Deck is a handheld PC that enables you to carry your Steam library with you wherever you go, and has been balanced to perform equally well regardless of whether it's docked or on the move.
