
Security flaw for unlimited Steam Wallet funds found, fixed

Faythung triple plat x2
Props 42 K    
  '12 
A security researcher picked up a $7,500 bounty for the find.

With the help of a security researcher, Valve has found and fixed an exploit that would have allowed a user to falsify the value of deposits to their Steam wallet. The exploit worked by—for example—turning a $1 deposit into a $100 deposit. It was accomplished by changing the account's email address to one including "amount100," then intercepting a message to a payment company API.

The writeup for the hack was posted on white-hat hacking bug bounty site HackerOne by the handle drbrix. Valve and drbrix later made the exchange public, once a fix was implemented. Drbrix first posted the bug as "medium" priority, saying "I think impact is pretty obvious, attacker can generate money and break steam market, sell game keys for cheap etc."

Valve, after testing the exploit and trying a fix, subsequently upgraded the bug to "Critical" severity and the corresponding payout to $7,500 USD "reflecting the potential cost to the business."

"We hope to hear more from you in the future," the Valve staff said.

Yes, I'm sure they would.

Valve told The Daily Swig that "Thanks to the person who reported this bug we were able to work with the payment provider to resolve the issues without any impact on customers." Valve did not say whether anyone had actually abused the potential exploit.

Novii triple plat x12
Props 28 K    
  '16 
But......Was it really worth it though?
P-Hill
Props 47 K    
  '05 
Hackers are different.

Don't even know what would possess one to change their email to include "amountX" ..
+1   
Top 10 most propped recently OldBusiness triple plat x5
Props 255 K    
  '12 
 P-Hill said
Hackers are different.

Don't even know what would possess one to change their email to include "amountX" ..
 Novii said
But......Was it really worth it though?
Probably no punishment coming, as Valve has been paying hackers who find exploits pretty good for like 13 or 14 years. So it looks like the hacker took the quick payday rather than exploiting it - cashing in off it - and eventually getting hit with charges.

They actually invite and pay successful hacking attempts cause they use it to plug holes.

Here's an article from 2008 about it:

One from 2018:

And here's a dude who got a 20 thousand dollar check for finding a flaw:

And they'd paid him 25 thousand a few months before that for finding another flaw.

They learned to embrace that sh1t and just pay + plug the hole after them Russians cracked Ubisoft's PC Catalog before Uplay and had folks downloading source code for games + Ubi's whole PC Library/Catalog..

Them dudes gave away 58 million folks' personal information + everything on Ubisoft's systems
Last edited by OldBusiness; 08-15-2021 at 10:17 PM..
+1   
Occult Mayne triple plat x10
Props 87 K    
  '19 
 OldBusiness said
Probably no punishment coming, as Valve has been paying hackers who find exploits pretty good for like 13 or 14 years. So it looks like the hacker took the quick payday rather than exploiting it - cashing in off it - and eventually getting hit with charges.

They actually invite and pay successful hacking attempts cause they use it to plug holes.

Here's an article from 2008 about it:

One from 2018:

And here's a dude who got a 20 thousand dollar check for finding a flaw:

And they'd paid him 25 thousand a few months before that for finding another flaw.

They learned to embrace that sh1t and just pay + plug the hole after them Russians cracked Ubisoft's PC Catalog before Uplay and had folks downloading source code for games + Ubi's whole PC Library/Catalog..

Them dudes gave away 58 million folks' personal information + everything on Ubisoft's systems
Unlike Sony who had the PS3 unplayable for damn near a year and ain't fix nothin or apologize or give refunds