A Bug in Steam, Which Was Recently Patched, Could Have Given Users Access To Activation Key of Any Game

Ukrainian vulnerability researcher has found a bug that would have allowed him to download all the activation keys (also known as CD keys) made available through the Steam gaming platform, for any game, ever. From a report: Discovered by Artem Moskowsky, the bug resided in Steamworks, a platform that Valve runs to help developers with building and publishing games via its Steam gaming client. Moskowsky found the bug in a Steam web API located at partner.steamgames.com/partnercdkeys/assignkeys/. This is the API that lets game developers or affiliates retrieve CD keys made available to Steam users so their customers can activate a game installed via the Steam client. This API is accessible using a regular Steam account and takes several parameters, but the ones most relevant are appid (representing the game), keyid (representing the identifier of a set of CD keys), and keycount (representing the number of CD keys that Steam needs to return inside a CD key set).

No thanks to free stuff

[kaoshin]

Even if all Steam games were available for free, I would still pay, because I want to continue to support what they are doing for gaming on Linux. I do take advantage of a lot of the sales they run though.

Re:But without auditing?

[MrL0G1C]

A criminal would grab thousands of keys for full price AAA titles and sell them on grey market sites for a quick profit, they wouldn't care if the keys got revoked after an audit.