- Joined
- May 6, 2019
- Messages
- 12,595
- Points
- 113
Image: Steam
Valve has patched an expensive-sounding exploit that would have allowed Steam users to add unlimited funds to their wallets and build a tremendous backlog of PC games that they would never find the time to play.
The monetary cheat code was uncovered by a hackerone user named drbrix, who earned a $7,500 bug bounty for the discovery.
As explained in their submission dated August 9, drbrix pointed out that an attacker could add unlimited funds to their wallet by exploiting a method that relies on Dutch payment services company Smart2Pay. Modifying a Steam account’s email to include the term “amount100” apparently enabled a trick that could have allowed even minimal payment amounts such as $1 to be changed to any value.
In a statement to The Daily Swig, Valve confirmed that the bug has been squashed after it worked quickly with the payment provider to resolve the issue...
Continue reading...