Steam is one of the most popular gaming services around, with an estimated 125 million users and 3 million to 4 million users online at any one time. Its secret to success is how easy it is to purchase and download hundreds of games, from AAA titles to indie classics, and play them online with your friends.
Unfortunately for millions of gamers, it also recently made it easy for hackers to break into any Steam account. The problem is fixed, but from July 21 to 25 every Steam account was vulnerable, and an unknown number were hacked.
The flaw was found in Steam's "forgot password" system. Normally, resetting your password requires you to know your username and email address to get a reset code.
However, a gamed named Elm Hoe raised awareness that Steam was allowing a password reset using just a gamer's username, which anyone on Steam can see. You just had to leave the reset code field blank and Steam would act like you put in the correct one.
Here's the hack in action:
Fortunately, Valve, Steam's developer, moved fast to fix the hole. It's also requiring anyone who did a password reset during the affected time period to reset their password again, just in case.
If you're a Steam user whose password was reset, you should have received an email telling you to reset it again. Just be on the lookout for fake email asking you to click on links to reset your password. The only way you want to reset your password is by running your Steam program.