A password flaw that would allow a hacker to hijack Steam accounts has been fixed and Valve has begun resetting user passwords, according to Gamespot.
Earlier in July, users began reporting that the “forgot my login details” could easily be exploited. When requesting a new password and after entering the victim's user name, instead of having to copy and paste a randomly generated code that was sent to the victim's email, the hacker could simply leave the data field blank, click “continue,” and create a new password.
Valve has since fixed the problem and, in a statement sent to Kotaku, assured users that “the password itself was not revealed.
“If SteamGuard was enabled, the account was protected from unauthorized logins even if the password was modified,” the statement said.