Valve has rewarded a man with $20,000 after he discovered a bug which let people generate thousands of free codes at once for any game.
The flaw was rooted out by security researcher Artem Moskowsky who reported it to Valve on August 7.
https://www.gamesindustry.biz/artic...for-discovering-unlimited-free-game-codes-bug
Mod Edit:
https://hackerone.com/reports/391217
Using the /partnercdkeys/assignkeys/ endpoint on partner.steamgames.com with specific parameters, an authenticated user could download previously-generated CD keys for a game which they would not normally have access. Audit logs were not bypassed using this method, and an investigation of those audit logs did not show any prior or ongoing exploitation of this bug.
Last edited by a moderator: