Steam Bug Allowed Unlimited Free Downloads

[upnorth]

Content source

https://www.bbc.com/news/technology-46183000

A man has been given $20,000 (£15,500) for discovering a bug in the Steam video games store that let people download any game for free.

Security researcher Artem Moskowsky found a flaw in Steam's portal for games developers that let anybody generate licence keys without paying. Millions of people use Steam to buy and download games on PC and Mac computers. Mr Moskowsky told Steam owner Valve about the bug and it awarded him the money as part of its bug bounty scheme. Many companies reward people who privately disclose security problems so they can be fixed, rather than sharing the information online. Mr Moskowsky told news site the Register that he discovered the problem by accident when exploring the Steam partner portal. The portal lets game studios generate licence keys for their software, so they can give a copy to fans or journalists to review. But he found that modifying the request let anybody generate thousands of codes for any game they wanted. These could theoretically be sold online on the black market.

 

[Deletedmessiah]

I wish that security researcher had told me 1st

 

[Weebarra]

I'l bet that anyone who discovered this bug for themselves and helped themselves to "free" games will be cursing Artem Moskowsky upside down right now.

 

[Eddie Morra]

I'l bet that anyone who discovered this bug for themselves and helped themselves to "free" games will be cursing Artem Moskowsky upside down right now.

They'll probably get caught and land themselves in court with charges potentially putting them in prison as well because exploitation of the bug would probably constitute for violation of the Computer Misuse Act (1990) and Steam terms and conditions.

But... only if the exploitation was intentional and could be proven as such.

If the exploitation was truly accidental and there was not sufficient evidence to conclude that the victim was truly intentional with trying to get free content they knew was not free and was aware of what they were doing, then it would be unfair for them to be punished.

 

[Local Host]

They'll probably get caught and land themselves in court with charges potentially putting them in prison as well because exploitation of the bug would probably constitute for violation of the Computer Misuse Act (1990) and Steam terms and conditions.

But... only if the exploitation was intentional and could be proven as such.

If the exploitation was truly accidental and there was not sufficient evidence to conclude that the victim was truly intentional with trying to get free content they knew was not free and was aware of what they were doing, then it would be unfair for them to be punished.

If you knew the amount of exploits steam has, and how many times they been exploit without legal action taken, you would probably be surprised.

This bug doesn't surprise me whasoever, but there's many more (that let you not only get games, but DLCs for free).

Valve can hardly maintain Steam stable for end users, and is extremely slow to update the client and their services, leave alone patch exploits that are older than a decade.

Users where promised a new Steam UI in 2018, as so far we only got a buggy Steam Chat, is a good example of how slow and careless Valve is. The Steam Chat is not ready for the Stable Channel, yet it's there and enforced on everyone.