Hacker Receives $20,000 From Valve For Discovering Steam Bug That Generates Free Steam Keys

Valve’s Steam is one of the most popular and successful digital distribution platforms on the PC, so it would make sense that the company would want to keep it bug free. Security researcher Artem Moskowsky, who found a bug which would allow users to get their hands on functioning Steam game keys, was paid $20,000 for his find.

“An authenticated user could download previously-generated CD keys for a game which they would not normally have access,” Valve explains in the HackerOne report.

The issue was first discovered by Moskowsky back in August, and Valve managed to resolve it only recently. On August 11th, Moskowsky was paid a bug bounty of $15,000 with a $5,000 bonus. Valve claims that this method of generating keys is tied to audit logs, and that there is no evidence of someone abusing this bug.

“Audit logs were not bypassed using this method, and an investigation of those audit logs did not show any prior or ongoing exploitation of this bug.”

Speaking with The Register about his find, Moskowsky says, “This bug was discovered randomly during the exploration of the functionality of a web application. It could have been used by any attacker who had access to the portal.” 

As you would probably guess from the large payout, this was a very serious issue and it took Valve at least a couple of weeks to patch. In one case, Moskowsky had managed to acquire 36,000 Steam keys for Portal 2, a title that retails for $9.99 on the Steam store.

“To exploit the vulnerability, it was necessary to make only one request. I managed to bypass the verification of ownership of the game by changing only one parameter. After that, I could enter any ID into another parameter and get any set of keys,” the researcher continues.
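The class of flaw described here, where the ownership check and the object lookup depend on different client-supplied parameters, can be sketched as below together with the kind of audit-log review Valve mentions. This is an added example, not code from Valve or the HackerOne report; the handler names, the `app_id` and `key_set_id` parameters, and the sample data are hypothetical, and the vulnerable shape is an assumption about one way such a bug arises.

```python
# Added illustration. All names and data are hypothetical, not Valve's API.
APP_OWNERS = {100: "partner_a", 200: "partner_b"}   # app_id -> owning account
KEY_SETS = {                                        # key_set_id -> key set
    1: {"app_id": 100, "keys": ["AAAAA-00001"]},    # constructed sample keys
    2: {"app_id": 200, "keys": ["BBBBB-00001"]},
}

class Forbidden(Exception):
    pass

def _record(log, user, ks_id, app_id, ok):
    # Every request is logged, whether it succeeds or is refused.
    log.append({"user": user, "key_set_id": ks_id, "app_id": app_id, "ok": ok})

def download_keys_vulnerable(user, params, log):
    """Assumed flawed shape: the check and the lookup use different parameters."""
    # Ownership is verified for the app_id the client sent...
    if APP_OWNERS.get(int(params["app_id"])) != user:
        raise Forbidden("caller does not own app_id")
    # ...but the key set is fetched by a second parameter that is never tied
    # back to that app, so any key_set_id is served.
    ks_id = int(params["key_set_id"])
    key_set = KEY_SETS[ks_id]
    _record(log, user, ks_id, key_set["app_id"], True)
    return key_set["keys"]

def download_keys_hardened(user, params, log):
    """Authorize against the object that is actually returned."""
    ks_id = int(params["key_set_id"])
    key_set = KEY_SETS.get(ks_id)
    # Same refusal for "missing" and "not yours", so IDs cannot be enumerated.
    if key_set is None or APP_OWNERS.get(key_set["app_id"]) != user:
        _record(log, user, ks_id, key_set["app_id"] if key_set else None, False)
        raise Forbidden("key set not available to this account")
    _record(log, user, ks_id, key_set["app_id"], True)
    return key_set["keys"]

def cross_account_downloads(log):
    """Audit review: successful downloads of key sets for apps the user does not own."""
    return [e for e in log if e["ok"] and APP_OWNERS.get(e["app_id"]) != e["user"]]
```

Because the flawed handler still writes an audit entry, a review like `cross_account_downloads` can establish after the fact whether the gap was ever used, which is the kind of investigation Valve describes.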

The HackerOne report detailing the vulnerability was publicized only recently on October 31st.
Farhan Ali
Farhan is a passionate writer with an undying love for games, PC hardware, and technology. With nearly 5 years of experience in blogging and over 14 years of experience in gaming, this is what he loves and does best.
