Steam security breach: how smart companies make big mistakes
Steam, with over 125 million active users and 4500 games, is the biggest name in digital distribution, DRM & social networking for the games industry.
Yesterday, they were hit by a security issue that was embarrassingly simple in hindsight. A user uploaded a video to YouTube that showed how easy it was to hack into anybody’s account. The breach has since been fixed, but the video will remain an interesting case study of how one minor oversight can become a massive nightmare. In this case, the developers had forgotten to include a simple test case in the password reset process: a user submitting a blank token to gain access.
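The missing test case can be shown in a few lines. This is an added example, not Steam's code: the page does not describe the actual implementation, so `verify_naive` models one assumed way a blank token can end up accepted, next to a hardened check. All function names, the in-memory stores and the 15-minute lifetime are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60   # seconds; assumed lifetime
naive_tokens = {}     # account -> plaintext token (flawed design, constructed)
pending = {}          # account -> (sha256 hex of token, expiry timestamp)


def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_reset_token(account, now=None):
    """Issue a random one-time token and store only its hash and expiry."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    pending[account] = (_digest(token), now + TOKEN_TTL)
    return token


def verify_naive(account, submitted):
    """Flawed: an account with no pending reset defaults to "", so a
    blank submission compares equal and the reset is allowed."""
    return submitted == naive_tokens.get(account, "")


def verify_reset_token(account, submitted, now=None):
    """Hardened: blank, unknown, expired or reused tokens all fail."""
    now = time.time() if now is None else now
    if not isinstance(submitted, str) or not submitted.strip():
        return False                      # the test case that was missing
    record = pending.get(account)
    if record is None:
        return False                      # no reset was ever requested
    stored_digest, expires_at = record
    if now > expires_at:
        del pending[account]
        return False
    if not hmac.compare_digest(_digest(submitted), stored_digest):
        return False
    del pending[account]                  # single use
    return True
```

The blank-token assertion belongs in the regression suite for the reset endpoint, alongside the expired and reused cases.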