Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.
Steam Steam 40455312 1920 1080

Valve Pays Out $20K To Expert Who Found Major Exploit That Gave Out Free Games

This article is over 6 years old and may contain outdated information

A security expert just saved Valve from massive lost sales due to a major bug he discovered. Valve rewarded him with $20,000 in total for not only discovering it but being the good guy. He kept the exploit to himself and didn’t, you know, share it with the world for everyone to take advantage of. Valve has Artem Moskowsk to eternally thank for what could have amounted to millions in free games flooding the internet. He first shared his story with The Register in the U.K.

Recommended Videos

What he discovered

Located inside Valve’s  Steam developer portal he found the bug by sheer accident. For those who don’t know the Steam developer portal is used by game publishers to generate free keys so outlets like us can review their games or so they can give them away during promotions. Inside the application program interface (API)  he realized it was quite simple to make some changes to the parameters in order to get unlimited keys for virtually any game out there no matter whose game it was. You, of course, need to have a Steamworks developer account to even be able to generate keys in the first place.

During one key example he said he put a random number in and got about 36,00 keys for Portal 2 ( They retail for about $10.00 each) apparently that would amount to about $360,000 dollars in lost sales to Valve.

Steamworkshop Webupload Previewfile 197839984 Preview

He bypassed verification

“To exploit the vulnerability, it was necessary to make only one request,” said Moskowsky. “I managed to bypass the verification of ownership of the game by changing only one parameter. After that, I could enter any ID into another parameter and get any set of keys.”

After he discovered it he reported the major bug to Valve back on August 7, who went to fix it instantly. Within three days of him reporting it to Valve, they gave him a $15,000 “finders fee” plus $5,000 as a bonus. He has actually found 19 other bugs for Valve before but those payouts were about a couple hundred dollars each. This one tops the motherload though and I hope he gets some good karma out of that (and enjoys his $20,000 payout). Bad news for those who are now finding out about it (and maybe wanted to take advantage) but good news for Valve’s bottom line.


PC Invasion is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
Author