Steam Password Flaw - check your security!

[Keepbro]

Hey guys

Just a heads up but steam screwed up account security by having a massive password flaw with their account recovery system so I would advise everyone to check their accounts. Apparently if you have steam guard then you should be OK but I still recommend everyone do it just in case.

[Connall]

Some things worth pointing out:

 

In order of this exploit to be used the person would have to know your steam login id, which can differ from what the community sees. So if you are pretty secretive about your username, you should generally be fine.

 

The reason those who use Steam Guard is generally unaffected, is because even though the user could change the password for the account, Steam Guard still remains enabled (if the user has it enabled of course, and if you don't have it enabled at this point, why not? You really should.) so an e-mail is sent to your address with the code necessary to access the account. So unless they have access to your e-mail account, then sure. They could reset your password but that's about it.

 

You will know you have been affected by this bug, if you can no longer access your account on Steam. If you can still access your account, you're fine and there's nothing to worry about. If you can't, then do a password reset request if possible and if that doesn't work be sure to contact Steam support.

 

If you can still access your account, you don't need to change your password. Realistically if you use Steam on a regular basis and have had nothing impede your time with it, then you were probably not affected by this security flaw.

 

If you don't have Steam Guard enabled, I highly suggest you enable it. It's a decent security measure to have.

[Cdr.Keen]

using steam guard, and an 11 year old steam-email-id which differs from all my account based informations. my password is like 123456 and very different so the password and account i use with steam guard.

 

but few days ago, my also 5+ years old skype account got hacked - the account i created before skype was bought by microsoft. didn't even know that it still exists.

[nasKo]

That was already fixed a day or two ago. Or is this something else?