Categories: News

Valve Pays Researcher $7,500 For Finding Unlimited Steam Wallet Bug

As you may be aware, many online companies offer bug bounty programs to people known as white hat hackers. The basic premise of this is that although they do their own in-house security testing (or at least they should), it’s often far more cost-effective and successful to simply open to the doors to regular people out there with the trade-off that if they do find a serious problem, a payout will be issued. – Well, following a report via Eurogamer, it would appear that Valve has just paid one such person a pretty substantial $7,500 reward for finding a confirmed glitch within Steam that could’ve potentially allowed people to fill up their ‘wallets’ with seemingly unlimited amounts of currency.

Valve Pays $7,500 in Successful Bug Bounty Claim

Spotted by a user known as “drbrix” back in August last year they submitted a ‘bug bounty’ claim to Valve, claiming that they’d found a means of adding practically unlimited funds to a Steam Wallet by simply utilising a bug within the email system. Now, admittedly, it’s a little more complicated than that, but the short version is that it was proposed that people with “amount100” in their Steam account email address could successfully intercept payments made to the associated wallet (made via Smart2Pay) and then artificially inflate them. – With this, it would be possible to basically add 10 dollars worth of credit and fiddle the numbers to change this to $1,000.

Upon the report, Valve investigated the matter themselves and confirmed that this exploit did indeed exist. It has, therefore, since been fixed. Therefore, to reward “drbrix” for their efforts, they have just cut them a cheque for $7,500. Not without a bit of controversy from the community, though.

How Much is Enough?

The key factor in the controversy here is that if “drbrix” had made the glitch a matter of public knowledge, rather than reporting it as they did, this could’ve potentially cost Valve hundreds and thousands of dollars before they found a means of fixing it. Let alone discovering what was happening in the first place. – As such, many within both the gaming and ‘white hat hacking’ community are questioning whether $7,500 was really a payment sufficient to reward the merits of the discovery.

Microsoft, for example, regularly issues huge (often 6 figure) payouts for people who discover problems with their software/hardware. While this is, of course, based on the severity of the exploit, the bottom line here is that if “drbrix” was a significantly less ethical person, this bug in the Steam Wallet payment system could’ve cost Valve a colossal amount of money that it may have taken them years to detect.

So, I guess it boils down to a matter of opinion, but in a nutshell, many think the $7,500 payment was a bit stingy of Valve. – But what do you think? – Let us know in the comments!

Mike Sanders

Disqus Comments Loading...

Recent Posts

Intel 12th Gen CPUs, Z690 and DDR5 Preview

Intel is set to launch their new Alder Lake 12th Gen CPUs very soon. While…

13 hours ago

Gigabyte Z690 AORUS XTREME Motherboard Preview

Gigabyte is one of the biggest names around, so it's going to come as no…

13 hours ago

Gigabyte Z690 AORUS Master Motherboard Preview

There are a lot of Z690 motherboards about to hit the market, and you can…

13 hours ago

Gigabyte Z690 AORUS Pro Motherboard Preview

Gigabyte is sure to have a huge range of motherboards for this launch, if not…

13 hours ago

MSI MEG Z690 UNIFY Motherboard Preview

MSI is one of the leading brands for high-end gaming motherboards, so it's no surprise…

13 hours ago

MSI MPG Z690 Carbon WiFi Motherboard Preview

MSI is one of the bigger and best brands in the world for gaming hardware,…

13 hours ago