Valve has awarded a security researcher $7500 for reporting a bug that permitted players to falsify credits to their Steam wallet.
As spotted by The Daily Swig, researcher "drbrix" reported the exploit via HackerOne, stating they had "found [a] vulnerability which allows attacker to generate steam wallet balance". The bug – which has since been resolved – would permit players with "amount100" in their Steam account email address to intercept payments made via Smart2Pay and artificially inflate them (thanks, NME).
After detailing how the exploit could be generated, Valve's JonP promptly thanked drbrix and agreed the team at Valve had been able to "validate this is happening pretty much as described", and were taking steps to address it.
