There are always flaws in any system out there, and Valve and its Steam service are no different. There are many opportunistic people looking for ways to cheat and find exploits. When one hacker found out that there was a free game bug, he took action. And at the end of the day, Valve paid the hacker $20,000 for finding a free game bug on Steam.
Artem Moskowsky submitted a report to Valve back on August 7 reporting that there was a bug inside Steam’s developer tools. Apparently, authenticated users could download generated CD keys for games that they would not normally have access to. Moskowsky tested the bug. All he had to do was bypass verification of ownership by changing just one parameter. He tested Portal 2’s page, for example, and got 36,000 activation keys for a game that still goes for around 10 dollars on Steam’s website.
Thankfully, Valve looked into these details soon after Moskowsky submitted the bug. It turns out that an investigation of their logs found that no one had ever used this exploit. It was definitely there, however, for someone to use if they wanted to. A few days later, Valve not only rewarded Moskowsky a $15,000 bounty but also gave in an additional $5,000. For whatever reason, news of Moskowsky’s bug discovery only went public on October 31, way after the bug was first found.
Moskowsky ended up netting $20,000 for a bug he found himself, essentially saving the day for both Valve and the Steam service. Best of all he did it before anyone could exploit it. Steam has constant problems with seedy sites that exploit these very bugs for free CD keys. It’s pretty cool that someone has killed a bug like this before anyone else noticed and took action.
So sorry, bad guy hacker types, you won’t be able to nab the likes of Hitman 2 for free.
