Skip to main content
  1. Home
  2. Gaming
  3. News

Hacker finds Steam bug that unlocks free games, collects $20K for reporting it

By

Security researcher Artem Moskowsky found a Steam bug that gave him access to infinite free keys for any game on the digital distribution platform, but instead of abusing the exploit, he reported it to Valve for a $20,000 reward.

Moskowsky told The Register that he accidentally discovered the vulnerability while browsing through the Steam partner portal, which is the website where developers manage games that may be downloaded on the platform. The security researcher, who has made a career as a bug hunter, noticed that it was easy to change the parameters of an API request, which gave him activation keys for certain games.

Recommended Videos

The API allows developers to acquire license keys for their games, which they can then pass on to gamers. However, as Moskowsky pointed out, it could have been abused by an attacker who has access to the Steam partner portal to generate an infinite number of activation keys for any game on Steam. It is also pretty easy to pose as a developer to gain access to the partner portal, so practically anybody could have taken advantage of the vulnerability.

Related

Moskowsky said that he entered a random string into the API request to check the severity of the bug. He then received 36,000 activation keys for Portal 2, which is being sold at $10 on Steam, for a total value of about $360,000 in just one command.

The Steam bug has now been recorded on the bug bounty website HackerOne, where it can be seen that Moskowsky reported the exploit to Valve on August 7. Valve took only a few days to patch up the vulnerability, and to award Moskowsky with a $15,000 bounty and a $5,000 bonus.

Valve is lucky that the exploit was discovered by an honest hacker like Moskowsky. The $20,000 reward to Moskowsky is minuscule compared to the possible losses that Steam would have suffered if the bug was widely used by pirates to grab free activation keys for every game on the platform.

Impressively, this is not the biggest bounty that Moskowsky has received from Valve. In July, the security researcher was awarded $25,000 for reporting an SQL injection bug, which was also discovered on the Steam partner portal.

Editors’ Recommendations

Topics
Aaron Mamiit
Aaron Mamiit
Contributor
Aaron received an NES and a copy of Super Mario Bros. for Christmas when he was four years old, and he has been fascinated…
Counter-Strike 2 is now available on Steam for free after surprise launch
A team groups up in Counter-Strike 2.

With little more than a slight tease beforehand, Valve just launched Counter-Strike 2 on Steam.
Counter-Strike 2 - Launch Trailer
Counter-Strike is Valve's long-running competitive multiplayer shooter series. Counter-Strike: Global Offensive has stayed near the top of Steam's player count charts ever since it launched in 2012. After over a decade of dominance, Valve first announced Counter-Strike 2 as a free, sequel-level upgrade to Global Offensive earlier this year. After some slight teases earlier in the month, Valve finally decided to surprise launch the game on September 27.
Counter-Strike 2 builds upon Global Offensive in Valve's newer Source 2 game engine. Outside of the obvious visual upgrades that change brings, Counter-Strike 2 adds to its predecessor with a new CS Rating system, overhauled maps, and tweaks to core mechanics like smoke grenades and the tick rate at which the first-person shooter operates. Valve also promises that the game features "upgraded Community Workshop tools," so we should get some entertaining Counter-Strike 2 mods.

Valve intends for players to smoothly transition from Global Offensive to Counter-Strike 2 as the game has simply updated to make the transition, and all items players obtained in the former work in the latter. Hopefully, this approach works out better for Valve than it did for Blizzard with Overwatch 2 last year. 
Counter-Strike 2 is available now on PC via Steam. It's a free-to-play game, although players can buy a Prime Status Upgrade for $15 that grants buyers the titular moniker. Having Prime Status grants exclusive items, item drops, and weapon cases and makes the game more likely to matchmake you with other Prime Status Counter-Strike 2 players.

Read more
You can get a Steam Deck for 20% off right now during Steam Summer Sale
Steam Deck running Path of Exile and the S22 Ultra running Diablo Immortal.

If you've been waiting around for the right time to buy a Steam Deck, now is the time to pull the trigger. As a part of the annual Steam Summer Sale, Valve is offering a serious discount on all Steam Deck models. The stellar handheld gaming device hasn't seen a lot of price drops since its release in February 2022, so this is definitely a deal that you should take advantage of if you've been eyeing the mobile gaming powerhouse.

The most impressive Steam Deck model is getting the deepest discount. The 512GB model is dropping from $649 to $520 (20% off) and includes the following bonuses.

Read more
Try these 6 excellent, free PC game demos during Steam Next Fest
A train passes a windmill in Station to Station

Every couple of months, Valve holds a Steam Next Fest event on Steam. During that time, lots of indie developers briefly release demos of their upcoming titles to gain more in-development feedback on their games and build some prelaunch hype for the titles. We love trying out some of these games and rounding up our favorites each time a Steam Next Fest rolls around. This year, we've already talked about how two climbing game demos really stuck out to us, but that's not all that's worth checking out.
There were six more indie game demos that we tried and fell in love with during the June 2023 Steam Next Fest. From a sci-fi hospital sim that's full of character to a game about cleaning up trash and gunk underwater, these are six of our favorite Steam Next Fest games that you should check out before the event ends at 10 a.m. PT on June 26.
Saltsea Chronicles

The latest game from Mutazione and Sportsfriends developer Die Gute Fabrik, Saltsea Chronicles is an adventure game about the motley crew of a ship looking for their captain throughout a flooded world. Digital Trends actually had the chance to try the demo early at Summer Game Fest Play Days this year. We came away impressed with its witty writing and gorgeous art, and we were even surprisingly good at its optional card game called Spoils. If you're a fan of adventure games, definitely give this demo a shot.
Saltsea Chronicles is in development for Nintendo Switch, PC, and PlayStation 5. It will be released sometime later this year. 
Loddlenaut

Read more