Valve’s security practices have been known to be bad for years. They famously didn’t fix some developer side bugs until they were exploited. There was some XSS error or similar on the developer side years ago, and Valve didn’t fix it, even after reported, until a developer exploited it.
They also had issues with the password reset after Heartbleed, and some random user logged in using an exploited password and renamed some AAA games to read something like, “Valve, please reset partner passwords due to Heartbleed.” Valve got lucky that the user didn’t do anything malicious…
You mean this wasn’t already the standard?
Valve’s security practices have been known to be bad for years. They famously didn’t fix some developer side bugs until they were exploited. There was some XSS error or similar on the developer side years ago, and Valve didn’t fix it, even after reported, until a developer exploited it.
They also had issues with the password reset after Heartbleed, and some random user logged in using an exploited password and renamed some AAA games to read something like, “Valve, please reset partner passwords due to Heartbleed.” Valve got lucky that the user didn’t do anything malicious…