Valve Gives Cash Reward to Person Who Reports Steam’s Vulnerability


A HackerOne user shared a very risky vulnerability of Steam on the platform. Seeing the post about the deficit, which officially offered users free wallet balance, Valve fixed the problem. The security researcher who found the problem received a $ 7,500 reward.

The vulnerability of Steam, which officially provides free balance to users, was recently discovered by a security researcher. Valve rewarded the person who found this vulnerability, which could cause great damage, with roughly 1 salary.

The vulnerability uncovered by the researcher allowed users to top up their Steam wallet balances for free. The person who noticed this informed Valve about the situation. The problem is fixed, if the security researcher He received a $7,500 prize.

Security researcher may have saved Steam from massive damage

steam bug

A security researcher found under the name ‘drbrix’ on a site called HackerOne, on Steam who tricked him into loading money into their wallets discovered a vulnerability. The vulnerability, which can be exploited by creating a fake ‘Smart2Pay’ payment, was shared by ‘drbrix’ in detail on HakcerOne.

The researcher said that the vulnerability could cause major problems with Steam; Steam shop can be crashed with free shopping or added a warning that a user can sell the games they bought for free at the end of the post. A Valve official who saw the post thanked him and reported that they started working on the problem. After the problem was resolved, Valve sent $7,500 as a reward to the person who found this huge flaw. Judging by the comments of the post, this award made ‘drbrix’ very happy. However, if he had not reported it himself, Valve could have suffered huge losses.


Steam Deck’s Battery Life to Let You Game All Day Explained

Valve has not made a statement about whether this vulnerability has been exploited by a hacker so far. But even if he had used it, we think that if there was a significant loss, the company would have noticed it.

Source :