Steam bug allowed unlimited free downloads

A man has been given $20,000 (£15,500) for discovering a bug in the Steam video games store that let people download any game for free.

Security researcher Artem Moskowsky found a flaw in Steam's portal for games developers that let anybody generate licence keys without paying.

Millions of people use Steam to buy and download games on PC and Mac computers.

Mr Moskowsky told Steam owner Valve about the bug and it awarded him the money as part of its bug bounty scheme.

Many companies reward people who privately disclose security problems so they can be fixed, rather than sharing the information online.

Mr Moskowsky told news site the Register that he discovered the problem by accident when exploring the Steam partner portal.

The portal lets game studios generate licence keys for their software, so they can give a copy to fans or journalists to review.

But he found that modifying the request let anybody generate thousands of codes for any game they wanted. These could theoretically be sold online on the black market.

"I managed to bypass the verification of ownership of the game by changing only one parameter," he told the Register.

Valve awarded him $15,000 and a $5,000 bonus for making the private disclosure. The flaw has since been fixed.

Valve said an investigation of its logs did not show that anybody had exploited the bug.