Two-step verification is at times annoying and inconvenient, but a recent exploited bug with Steam has proven that it’s worthwhile.
From July 21st until July 25th, an exploit existed that allowed users to reset an account’s password remotely. By entering nothing when prompted for the email verification code that goes with a password reset request, scammers were able to push through and gain access to a number of Steam accounts. High-profile users such as streamers and popular Dota 2 players were primarily affected because of the prominence of their Steam names. Little came of any of these intrusions, though, as resetting an account’s password places a five day restriction on trading for that account, meaning that no items or games stored in inventory were lost.
Speaking to Kotaku, Valve released a statement on the exploit’s fix:
To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.
Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.
We apologize for any inconvenience.
If your account was affected, let us know below!