Valve has started resetting passwords, after a bug would let anyone reset an account's password with the username alone. This security flaw was found last week, but Valve is just now fixing it after many complaints from famous streamers and DOTA players.
Normally, you would need email access to the account to be able to reset the password. This bug disregards that part of the process, so when asked for the code, users found themselves able to just hit "Continue" without needing the random generated email code. Everyone except users of Valves Steam Guard service would be potential victims of account theft due to this.
Valve has released this statement: "To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected". If you where affected by this security flaw, you will receive an email from Steam with a new password. Furthermore, for peace of mind, Valve pointed out that user's passwords were not revealed, only reset.
Let us know any comments or concerns you have in the comment section below the article!
Sources: Polygon, Gamespot, Kotaku
