Man busts Steam bug that allowed unlimited free downloads, wins a $20,000 bounty

Steam , which is one of the most popular digital distribution platforms across the world, provides a range of services to gamers through its community including friends lists, groups, cloud saving, and in-game voice and chat functionality. Recently, someone was awarded as much as $20,000 (about Rs 14,50,000) for finding out a bug in the Steam video games store that was apparently letting people download any of the games for free. Artem Moskowsky, who is a security researcher discovered a flaw in Steam’s portal for game developers and informed Steam’s parent company **Valve** about the same. He then told The Register that Valve awarded him $20,000 as part of its bug bounty scheme. [caption id=“attachment_4813141” align=“alignnone” width=“1280”] Steam Logo[/caption] Moskowsky, while at the Steam developer site, realised how easy it was for anyone to change parameters in an API request, and hence get activation keys for a game. These keys are used to activate and play games downloaded from Steam. The bug was basically letting anybody generate license keys without paying. It can be harmful because, the games could possibly be sold online, which is an illegal act. “This bug was discovered randomly during the exploration of the functionality of a web application. It could have been used by an attacker who had access to the portal,” says Moskowsky. He has been doing security research for a while now; also this is not the biggest amount he’s made from Valve. This year in July, he received $25,000 for a discovering a bug on the same developer portal.