Security researcher under the nickname DrBrix told on the website HackerOne about vulnerability Steamwhich allowed users to add unlimited funds to the wallet.
Soon after publication, an employee drew attention to the message Valve under the nickname JonP, who confirmed the vulnerability. The company released a fix and asked DrBrix to test it. He confirmed that he could not get extra money for the wallet.
Valve has changed the severity rating of the vulnerability, making it critical due to the potential cost to the business. DrBrix received $ 7,500 for finding the vulnerability.
More on review