How the Exploit Worked
It may seem like a difficult series of actions to hijack a Steam account, but the exploit was discovered to run through the “lost password” section within Steam support. From there all that was required to gain access was the person’s username, then reset the password, and lastly set a new one to gain access to the account. During this process a verification email wasn’t required.
Valve has divulged information regarding the exploit, and that they discovered it on July 25th, but accounts may have been affected from July 21st - July 25th. Valve has released a statement on this security flaw.
Speaking as someone who has hundred’s of dollars worth of video games on their Steam account, this is a very scary incident that has taken place. I would be devastated if I lost access to my account, and immediately seek out Valve for aid.
Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.
We apologize for any inconvenience". - Valve
Were you affected by this password exploit on Steam? Has an incident like this happened on a different program? Share your stories below.