Valve awards $7.5k bounty to a researcher who discovered a flaw with Steams wallet system

Valve has had to fix a Steam exploit that allowed players to generate false credits to their Steam wallet balance.

While there’s no word yet on whether or not unscrupulous players were able to successfully make use of the exploit, the issue came to light earlier this week on HackerOne (opens in new tab) courtesy of a security researcher who’d discovered that if a user had “amount100” as part of their Steam account email address, payments via Smart2Pay could be intercepted and amended, changing $1 deposits to, say, $100 while the payment debited from the bank account remained at $1.

As reported by The Daily Swig (opens in new tab), after testing the API “in-flight” interception, Valve’s JonP thanked the reporter, moved swiftly with the team to triage the issue, and confirmed that the researcher was correct and asked them to “please stand by” while Valve “assessed [the] severity” of the exploit.

Later that same day, the researcher was asked to retest the system, after which JonP felt compelled to reclassify the exploit as a “critical” one and awarded the researcher a $7500 bounty in thanks for reporting the issue.

“Thank you for this report,” JonP said (thanks, NME (opens in new tab)). “This was clearly written and helpful in identifying a real business risk. We have changed the severity assessment to Critical, reflecting the potential cost to the business, and applied a bounty accordingly. We hope to hear more from you in the future.”

ICYMI, Microsoft’s streaming service, xCloud, will work on Valve’s Steam Deck (opens in new tab). The announcement came courtesy of Xbox boss Phil Spencer, who teased that earlier this week, he’d spent time with the team at Valve, experimenting with Steam Deck (opens in new tab) and confirming that “Halo” and “Age” “feel good” on Valve’s new handheld system.

While Spencer stopped short of confirming how, exactly, the streaming service will work on Steam Deck, it’s the first time we’ve had confirmation that Microsoft’s streaming service is compatible with Steam Deck.

Missed the big announcement of Valve’s all-new Steam Deck? Compared by many to be the PC equivalent of the Nintendo Switch, the Steam Deck is a handheld PC that enables you to carry your Steam library with you wherever you go, and has been balanced to perform equally well regardless of whether it’s docked or on the move (opens in new tab).

Check out how the Steam Deck specs compare to the Nintendo Switch, PS5, and Xbox Series X (opens in new tab) in our breakdown.

About Fox

Check Also

Nintendo Direct for third-party games may be coming next week

Another Nintendo Direct presentation is reportedly on the way. That’s according to Nacho Requena, the …

Leave a Reply