Steam is PC gaming’s biggest digital distribution platform where developers can publish their games. With such a massive user base and so many developers selling their games on Steam, Valve needs to be on the ball with any type of security exploits. Enter Artem Moskowsky, a security researcher who was recently awarded $20,000 (over R287,000) for finding a Steam exploit.
As reported by GamesIndustry.biz, Mr Moskowsky found an exploit that allowed him to gain access tonnes of Steam keys for various games by simply making a specific API request. When Mr Moskowsky found this exploit, he entered a random string and got 36,000 Portal 2 keys. This is, of course, a massive exploit that Valve has since fixed. For finding a Steam exploit and reporting it, Mr Moskowsky was rewarded with the substantial bounty of $20,000.
Mr Moskowsky explained to The Register that:
To exploit the vulnerability, it was necessary to make only one request. I managed to bypass the verification of ownership of the game by changing only one parameter. After that, I could enter any ID into another parameter and get any set of keys.
This isn’t even the first time that Mr Moskowsky has been rewarded a bounty by Valve, as his biggest score yet has been a $25,000 bounty for finding an issue on Steam in July this year.
If you love all the technical stuff, you can read the report on HackerOne. This is a site which tech companies use so that others can look at vulnerabilities in their code. If someone does find a vulnerability, they will be rewarded with some nice cash. The latest Steam exploit was marked as critical severity, so Mr Moskowsky clearly did Valve a solid.