There’s a Steam situation. Well, there was a Steam situation. It’s been fixed, but some people might still be feeling the aftereffects, so here we go. There was a bug that allowed people to steal an account using the password recovery system.
With this loophole, anyone who knew someone else’s Steam account name could get into their account. All they’d have to do is choose a password reset and go through the motions. After choosing to have an email with a reset code sent to the email tied to the account, all someone would have to do is click the “Continue” button on the page asking you to input a recovery code. You didn’t need to enter anything. Pressing continue would let you get in, change the password, and take the account.
Naturally, because this is the internet, people took advantage of the flaw. Valve has responded, found the problem, and is resetting passwords on accounts with suspicious behavior. People who may have been hacked will be sent a new password. That is, unless they had Steam Guard, which features its own (bug-free) e-mail authentication whenever a new IP address logs into an account.
I guess the moral of the story is: always use Steam Guard.