Valve Pays $20,000 To Hacker Who Found Steam Bug That Generates Free Games

Illustration for article titled Valve Pays $20,000 To Hacker Who Found Steam Bug That Generates Free Games

Somewhere deep inside Valve’s labyrinthine compound of Steam-sustaining tubes, wires, and pipes, somebody is thanking their lucky stars for Artem Moskowsky. The self-described “bug hunter” came across a glitch that allowed him to generate thousands of free keys for any game on Steam. A lesser person might have kept that knowledge to themselves. He reported it.


Moskowsky discovered and reported the bug back in August, but Valve only allowed the information to go public recently. For his troubles, the company paid him $20,000—as opposed to a lifetime of free games, which is what would’ve happened if this was a feel-good episode of a sitcom.

According to a summary by Valve on bug bounty site HackerOne, the bug took advantage of an issue with Steam’s developer tools. Using “specific parameters,” anyone with access to those tools could make the service spit out keys for games that didn’t belong to them.

Valve said an investigation did not find evidence of the bug actually being misused. That’s good news for Valve, because speaking with tech publication The Register, Moskowsky said that in one case he managed to trick the system into giving him 36,000 keys for Portal 2.

Given Steam’s documented history of problems with sketchy secondhand sites and illicit key scams, it’s not hard to imagine a few scenarios in which scammers might’ve found this bug handy. And given how easy it is to become a developer and gain access to partner tools on Steam these days, I doubt they would’ve had much trouble pulling it off. (Then again, who knows how long it would have been before Valve caught on and shut it down.)

As for Moskowsky, I imagine he’s in pretty good spirits, given that he’s spent the past few months using his digital tweezers to pluck all sorts of bugs from Valve’s back, including one in July that netted him an additional $25,000.

Kotaku senior reporter. Beats: Twitch, streaming, PC gaming. Writing a book about streamers tentatively titled "STREAMERS" to be published by Atria/Simon & Schuster in the future.



What do you have to do in 2018 to get a job? This guys finds a platform crippling bug that would have shaken steam to its core had it gone public and they just toss him a fist full of dollars? Don’t get me wrong, I’ll take 20K any day of the week but it just seems that this man’s services are worth more than one lump sum payment.