Steam logo
IN PHOTO: The logo of Steam; a company that focuses on selling digital games and other gaming ventures. Steam (via store.steampowered.com)

Valve has begun taking steps to address a recent issue in password security by resetting numerous Steam passwords. The security flaw, discovered sometime in July, allowed users to easily change the password of other accounts without the use of a unique code.

Normally, Valve will email a temporary code to users who forgot their passwords. According to ExtremeTech, some Steam users discovered that the company doesn’t verify whether the temporary code was valid or not. Not entering any codes during the verification process would allow the user to change the password of the account easily.

Fortunately, Valve has other backup security measures so not all users’ accounts were jeopardized. One of these is Valve’s multi-factor authentication called Steam Guard. It is a program within the Steam client that doesn’t allow unauthorized parties to log in into Steam accounts without access to the email account.

Another added security measure is a five-day freeze on item trading after a password reset. So if an account is hacked, the items in store cannot be transferred to a different account until five days have passed.

The security flaw became prominent after several users, including a professional Dota 2 player, reported their accounts got hacked. The players noted that there were some account activities that they didn’t do recently. The company has said it has fixed that issue stating that it is checking and resetting accounts with suspicious password changes during the period of the security flaw. In an interview with Kotaku, Valve has been apologetic to those affected by the security flaw, and they have assured that those affected will be taken care.

"To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected," the company said as quoted by Kotaku.

Steam has already sent an email with a new password to those affected by the loophole. Upon receiving the email, users are advised to login to their account using the Steam client, and from there, they should create a new password.

Contact the writer at feedback@ibtimes.com.au, or let us know what you think below.

RELATED STORIES