Valve gives $20k as reward for man who found exploit that generated infinite Steam keys

Chary Nov 15, 2018.



    Security is highly important for any company, especially Valve, which runs the largest PC gaming storefront: Steam. This of course means that it's up to the team at Valve to make sure everything is as secure and safe as can be, for both its customers and itself. Sometimes, though, that's just not enough, which is when freelance system researchers come in, to see if there are any bugs or exploits that they can get through. Enter Artem Moskowsky, a system researcher who had figured out a way to generate unlimited Steam game keys for himself. All this required was for any user with a Steam developer account to make a slight change to a single parameter, which then allowed him to request any number of copies of any game hosted on Steam. Attempting to test if this actually would work, he made a request for 36,000 keys for Portal 2, which he received instantly through the exploit. Moskowsky immediately reported the bug to Valve's team, and it was then quickly fixed. Valve awarded him a bounty of $15,000 for finding this massive bug, along with a $5,000 bonus on top of it. This marks the second time that Moskowsky has helped Valve fix a major error within their system; he was also rewarded $25,000 earlier this year for finding an issue that allowed SQL data to be easily read.

     
    Discussion (73 replies)
  1. BORTZ

    BORTZ The Amazing

    Supervisor
    22
    Dec 2, 2007
    United States
    Pittsburgh
    With the amount of sales you could buy with that money, you could argue that he still has infinite keys lol
     
  2. Sonic Angel Knight

    Sonic Angel Knight GBAtemp Legend

    Member
    18
    May 27, 2016
    United States
    New York
    How is it I'm always last to know about stuff like this? I didn't know anything about infinite steam keys :wtf:
     
  3. CORE

    CORE 3:16

    Member
    6
    Jul 15, 2018
    United Kingdom
    I can sympathize with you @Sonic Angel Knight if I used Steam. But nice going for the guy 20k.
     
  4. Sasori

    Sasori GBAtemp Addict

    Member
    11
    Jan 28, 2015
    United States
    Neither did Valve ;)
     
  5. XDel

    XDel Author of Alien Breed: Projekt Odamex

    Member
    8
    Jul 25, 2012
    United States
    Another Huxleyian Dystopia
    20k, that's all?!
    Must not be too important.
     
  6. Jayro

    Jayro MediCat USB and Mini Windows 10 Developer

    Member
    15
    Jul 23, 2012
    United States
    Octo Canyon
    20K can buy a ton of games...
     
    Retsukun and NoNAND like this.
  7. the_randomizer

    the_randomizer The Temp's official fox whisperer

    Member
    24
    Apr 29, 2011
    United States
    Dr. Wahwee's castle
    That is...quite the exploit :blink:
     
  8. CoolStarDood

    CoolStarDood GBAtemp Regular

    Member
    4
    Feb 8, 2018
    United States
    Everywhere and nowwhere at the same time o__0
    How did this bug even happen?

    Just how...
     
  9. Jacklack3

    Jacklack3 ( ゚ヮ゚) buddie was here

    Member
    9
    Oct 6, 2015
    Canada
    In your basement Dick Size: 5 meters.
    Forgot to carry the 1 I guess...
     
    Legba013, Ricken, Taffy and 5 others like this.
  10. Crimson Cuttlefish

    Crimson Cuttlefish GBAtemp Regular

    Member
    5
    Aug 15, 2016
    United States
    ...traitor...
     
    nachuz, eriol33, cvskid and 7 others like this.
  11. Noctosphere

    Noctosphere Adoptive father of my kitty named Zelda

    Banned
    13
    Dec 30, 2013
    Canada
    Back with kitty Zelda forever :D
    Never heard of this exploit
    Maybe I could have saved money on SotTR
     
  12. kuwanger

    kuwanger GBAtemp Advanced Maniac

    Member
    9
    Jul 26, 2006
    United States
    The more important thing is he wasn't sued into oblivion or threatened with decades of jail time after receiving said 36,000 keys and reporting it to Valve. As far as "should have paid him more", you wouldn't pay an internal developer the worth of a possible exploit either. Security researchers being paid such sums, as long as they're being compensated for the efforts within guidelines set by the company, is reasonable. Honestly, Valve and a lot of other companies aren't required to pay out any sort of bounty on bugs, security or otherwise, so I'd consider it a net win for both sides.
     
  13. DarkCoffe64

    DarkCoffe64 Bo

    Member
    6
    Mar 30, 2011
    Italy
    Arcadia
    Yet they can't afford some people to have some game quality check on the crap some people upload

    or just don't care
     
    NutymcNuty likes this.
  14. MasterJ360

    MasterJ360 GBAtemp Advanced Maniac

    Member
    7
    Jan 10, 2016
    United States
    I'm sure he knows another exploit... which he could actually exploit Valve with his findings lol
     
    Saiyan Lusitano likes this.
  15. Friendsxix

    Friendsxix Introspective Potato

    Member
    6
    May 6, 2008
    United States
    Best Hemisphere
    Warning: Spoilers inside!

    In all seriousness, it appears that this required a Steam developer account? While not a very high bar, I would think that it would prevent most of us normies from exploiting it anyways. :P
     
  16. Zonark

    Zonark Zonark - Noun - A God

    Member
    6
    Jul 11, 2010
    United States
    This wasn't a known bug; the dude literally just grinds away at server protocols and finds these bugs. This was never public. I never really thought about digging like this though; would be worth it to help Steam. I'm glad they are giving rewards.
     
    Saiyan Lusitano likes this.
  17. RivenMain

    RivenMain GBAtemp Regular

    Member
    4
    Oct 12, 2016
    United States
    g2a games would be like bro I'll give you a cut of all our earnings we need to milk the shit out of it~ lol That is very sad though. If Steam can detect false keys it will remove it from ur Steam. So I think if anyone's buying keys they should consider how dangerous this may be.
     
    NutymcNuty likes this.
  18. ScarletDreamz

    ScarletDreamz [Debug Mode]

    Member
    12
    Feb 16, 2015
    United States
    Localhost
    And then we have "Nintendo" paying $100 bucks each critical issue.
     
  19. Delerious

    Delerious GBAtemp Regular

    Member
    4
    May 10, 2018
    United States
    California
    20k that he can put to a down payment on a house at least, or even buy a new car, depending on the model. You kids and your talk of buying games with 20k. *psshh*
     