There was a pretty massive security flaw in Steam's code for, um, 15 years

June 1st, 2018 - 12:54pm

By Alex Calvin, PCGamesInsider Contributing Editor

Valve has only just plugged a security flaw that has existed in Steam's code for a decade and a half.

The oversight was discovered by Context Information Security's Tom Court in February, who has written a pretty detailed blog post that goes in-depth into the flaw.

In short - every single user was exposed to hijack attempts from third-parties. Court says that the flaw was in Steam's code from its early days and was never addressed because no-one attempted to exploit it. The custom Steam protocol did not check the first data package exchanged, leaving it open to exploitation from malevolent parties.

Within half a day of being reported, Valve rolled out a patch to address this on its Steam beta branch before a full roll-out on March 22nd.

The Pacific West-based company has since announced a bug bounty for pretty much any of its services, including Steam. It's possible that this extremely concerning revelation could have been the impetus for this.

Tags:

Alex Calvin

PCGamesInsider Contributing Editor

Alex Calvin is a freelance journalist who writes about the business of games. He started out at UK trade paper MCV in 2013 and left as deputy editor over three years later. In June 2017, he joined Steel Media as the editor for new site PCGamesInsider.biz. In October 2019 he left this full-time position at the company but still contributes to the site on a daily basis. He has also written for GamesIndustry.biz, VGC, Games London, The Observer/Guardian and Esquire UK.

Esports Future Summit	Middle East	Apr 27th
Dubai GameExpo Summit 2024	Middle East	May 1st
The MENA Games Industry Awards 2024	Middle East	May 2nd
GameDev Atlantic 2024		May 4th
Mobidictum Meetup Berlin May 2024	Europe	May 7th
Mobidictum Meetup Tallinn May 2024	Europe	May 21st
Israel Mobile Summit 2024	Middle East	Jun 6th
DevGAMM Vilnius 2024	Europe	Jun 14th

ALL THE LATEST NEWS ABOUT THE BUSINESS OF PC GAMES

FTC puts stop to non-compete clauses

Embracer's Wingefors admits he deserves criticism for state of company

Atari has revived Infogrames as a publishing label

Krafton snaps up minority stake in Poland's Far From Home

Amazon Fallout show officially renewed for second series

Embracer is splitting into three companies

CHARTS: Fallout show gives games renewed popularity

Krafton snaps up minority stake in Poland's Far From Home

News

There was a pretty massive security flaw in Steam's code for, um, 15 years

Top Stories

Valve is now calling early access to pre-ordered games Advanced Access

Ubisoft promotes company vet Russeil to EVP of comms, DEI, HR and legal

Wingefors says ditching Embracer name isn't due to bad reputation

Flaming Fowl lays off staff as Ironmarked demo launches

FTC puts stop to non-compete clauses

Calling all thought leaders: be a speaker at PG Connects events in Jordan and London!

Everything you need to know about Valve's Steam Deck

The top 10 studios selected at this year's Global Top Round

The power of crossplay - Improbable highlights the value of cross-platform multiplayer gaming

GFX47 proves that sometimes things go just to plan as No Plan B wins The Big Indie Pitch

Events

Dubai GameExpo Summit 2024

The MENA Games Industry Awards 2024

Pocket Gamer Connects Helsinki 2024

Esports Future Summit

GameDev Atlantic 2024

Mobidictum Meetup Berlin May 2024

PC Games Industry Jobs

Popular Stories

Larian boss says 'Baldur's Gate 3 effect' "sucks"

Powerwash Simulator hits 12m players

Flaming Fowl lays off staff as Ironmarked demo launches

Sea of Thieves surpasses 40m players

Amazon Fallout show officially renewed for second series

Join Us On Facebook

There was a pretty massive security flaw in Steam's code for, um, 15 years

Related Articles

Get PC Games Insider in your inbox

Top Stories

Popular Stories

Join Us On Facebook

Sign Up

to get PC Games Insider in your inbox