A security researcher has netted a US$7,500 bug bounty by helping Valve close an exploit in its Steam Client software. The exploit would have basically allowed a user to spend willy-nilly throughout the Steam Store thanks to an 'unlimited funds cheat' boosting Steam Wallet deposits. I haven't seen any reports of this bug being exploited in the wild, but it is now patched.
This is an unusual exploit which can be outlined as follows:
1. A user would need to modify their Steam account email to include the string 'amount100'.
2. Then the user would have to add funds to their Steam Wallet, choosing Smart2Pay as the payment method.
3. User top-up choice could be as low as US$1.
4. The user would then have to intercept the corresponding POST request to the Smart2Pay API, where they could edit the credit amount up to $100.
Step 4 sounds a bit technical, and I'm not sure how simple it would have been to execute.
Valve responded to a request for comment from The Daily Swig, saying that "Thanks to the person who reported this bug, we were able to work with the payment provider to resolve the issue without any impact on customers."
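The article does not say how the POST request to the payment provider was protected. As an added example (not Valve's or Smart2Pay's code), the sketch below assumes the request fields were covered by a keyed hash, and shows why joining names and values without delimiters lets a string such as 'amount100' inside the email blur field boundaries, next to a length-prefixed MAC and a server-side check that rejects an edited amount. The key, field names and sample values are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"            # constructed; a real key never leaves the server
ALLOWED = {"Amount", "CustomerEmail"}    # hypothetical field names for this sketch

def weak_sign(fields):
    """Ambiguous: names and values are joined with no delimiters or lengths."""
    blob = "".join(name + value for name, value in fields)
    return hmac.new(KEY, blob.encode(), hashlib.sha256).hexdigest()

def strong_sign(fields):
    """Unambiguous: each name and value is length-prefixed before hashing."""
    mac = hmac.new(KEY, digestmod=hashlib.sha256)
    for name, value in sorted(fields):
        for part in (name.encode(), value.encode()):
            mac.update(len(part).to_bytes(4, "big") + part)
    return mac.hexdigest()

def verify(fields, tag, recorded_amount):
    """Accept only the exact allowlisted field set, a valid MAC, and the
    amount the merchant recorded when the order was created."""
    names = [name for name, _ in fields]
    if sorted(names) != sorted(ALLOWED):
        return False                     # extra, missing or duplicated field
    if not hmac.compare_digest(strong_sign(fields), tag):
        return False
    return dict(fields)["Amount"] == recorded_amount

# Constructed sample: the same characters split into fields two different ways.
ORDER = [("Amount", "1"), ("CustomerEmail", "demoamount100@example.test")]
RESPLIT = [("Amount", "1"), ("CustomerEmail", "demo"),
           ("amount", "100@example.test")]

def demo():
    tag = strong_sign(ORDER)
    return {
        "weak_collides": weak_sign(ORDER) == weak_sign(RESPLIT),
        "strong_collides": strong_sign(ORDER) == strong_sign(RESPLIT),
        "order_ok": verify(ORDER, tag, "1"),
        "resplit_ok": verify(RESPLIT, tag, "1"),
        "edited_amount_ok": verify([("Amount", "100"), ORDER[1]], tag, "1"),
    }

if __name__ == "__main__":
    print(demo())
```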
Valve Steam Deck infomercial published
After not updating its YouTube channel with new content for eight months, Valve has published a one-minute infomercial which nicely sums up the abilities and attractions of the upcoming handheld hardware release.
The Steam Deck has proved very popular, and pre-orders in the regions where it is due to roll out first are such that new customers will be waiting into Q2 2022 at the earliest for their handhelds to be dispatched.