Steam could have lost untold revenue had a payment bug in its platform gone unaddressed.
With internet connections faster than ever, many people are readily embracing digital distribution. For PC gamers, this means rapid adoption of platforms like Steam for a quick entertainment fix. Just last year, Steam's digital storefront saw 120 million monthly active users, a leap from the 95 million of a year prior.
Many active users mean more potential buyers
A good reason for that strong support is Steam's frequent sales and occasional giveaways. The former make it highly likely that many users spend money on games whenever something is on sale. That translates to millions of dollars in sales, whether or not every user spends money during the event. On the other hand, it could also mean potential losses if some of those users had been exploiting the platform's recently uncovered payment glitch.
Thanks to user “drbrix,” that potentially catastrophic event for Steam has been uncovered and averted. According to The Daily Swig, the user came across the serious bug a week ago and subsequently reported it through HackerOne for a bounty. The bug allegedly allowed perpetrators to illicitly generate funds in their accounts. The process apparently involved an editing trick that required adding the term “amount100” to a registered email address.
According to the source:
“With this in place, a would-be attacker would apply to add funds to their wallet, selecting an option that relies on Smart2Pay as the payment method, before going ahead with a small minimum payment of $1”.
“If an attacker intercepted the corresponding POST request to the Smart2Pay API, they would find a response that could be edited to change the payment amount, which could be edited to a far larger amount than was actually paid ($100 instead of $1).”
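The gap described above is that the wallet credit followed a value an attacker could edit in transit. The sketch below is an added example, not code from the article, Valve or Smart2Pay: it credits a wallet only from the server's own order record, after checking a keyed signature on the provider's server-to-server notification. The key, order store, field names and function names are all hypothetical.

```python
import hashlib
import hmac
import json

# Hypothetical secret shared by merchant and payment provider (constructed value).
PROVIDER_KEY = b"constructed-demo-key"

# Order records written server-side when the user starts a top-up (constructed).
ORDERS = {
    "ord-1001": {"user": "alice", "amount_cents": 100, "currency": "USD", "state": "pending"},
    "ord-1002": {"user": "alice", "amount_cents": 100, "currency": "USD", "state": "pending"},
}
WALLETS = {"alice": 0}


def sign(body: bytes) -> str:
    """HMAC-SHA256 over the exact bytes of the notification body."""
    return hmac.new(PROVIDER_KEY, body, hashlib.sha256).hexdigest()


def handle_notification(body: bytes, signature: str) -> str:
    """Process a provider notification and return the decision taken."""
    # 1. Integrity: any edit to the body invalidates the signature.
    if not hmac.compare_digest(sign(body), signature):
        return "rejected: bad signature"
    note = json.loads(body)
    order = ORDERS.get(note.get("order_id"))
    if order is None:
        return "rejected: unknown order"
    # 2. Idempotency: a replayed notification must not credit twice.
    if order["state"] != "pending":
        return "ignored: already processed"
    # 3. Reconciliation: the settled amount must equal what the server recorded.
    settled = (note.get("amount_cents"), note.get("currency"))
    if settled != (order["amount_cents"], order["currency"]):
        order["state"] = "flagged"
        return "flagged: amount mismatch"
    if note.get("status") != "paid":
        return "ignored: not paid"
    # 4. Credit the server-side amount, never a client-supplied one.
    order["state"] = "credited"
    WALLETS[order["user"]] += order["amount_cents"]
    return "credited"
```

A mismatch between the settled amount and the stored order is worth alerting on rather than silently dropping, since it indicates either tampering or an integration fault.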
Fix is on the way
Finding the report authentic, Valve was quick to acknowledge the claim. In response, the company thanked drbrix for his helpful finding and promised to address the issue. To fully rectify the problem, however, Valve openly asked the security expert to evaluate the fix it is applying against the exploit.
For his contribution, drbrix gets more than just thanks: he also receives a lump sum of $7500 as a reward. Still, that is meager pay considering the extent of the damage the bug could have caused had he not made the report.