A bug hunter has scooped a $20,000 bounty from Valve after identifying a bug which allowed seemingly limitless CD keys to be generated for any game on Steam. Hacker guru Artem Moskowsky stumbled across the vulnerability on Steam back in August, posting a $20,000 bounty on HackerOne.
Using the flaw in the Steam portal, Moskowsky was able to generate 36,000 activation keys for Portal 2 in a single swoop, equivalent to $360,000 worth of product. These keys could then be redeemed or sold as legitimate, working copies of the game.
"This bug was discovered randomly during the exploration of the functionality of a web application," Moskowsky explained to The Register. "It could have been used by any attacker who had access to the portal."
Valve has since revolved the case and paid out a $20,000 bounter to the ‘bug hunter’, outlining a summary of the issue on HackerOne. Just a single parameter was changed and Moskowsky was then able to make a request to bypass verification of game ownership and access the keys.
“Using the /partnercdkeys/assignkeys/ endpoint on partner.steamgames.com with specific parameters, an authenticated user could download previously-generated CD keys for a game which they would not normally have access,” writes Valve. “Audit logs were not bypassed using this method, and an investigation of those audit logs did not show any prior or ongoing exploitation of this bug.”
It’s not a bad payday for Moskowsky, who makes his living finding and reporting bug bounties in exchange for cold, hard cash. It pales in comparison to the sheer number of keys that could’ve been nefariously gained, but $20,000 is enough to truly live the dream and buy Train Simulator and its $7,000 worth of DLC, and still have $13,000 to spare.