A man found a bug on Steam that allowed him to auto-generate an infinite number of activation keys and Valve paid him $20,000 USD for the discovery!
Artem Moskowsky shared his story with The Register (via Eurogamer) detailing how he discovered the bug and how he got paid for his efforts. Moskowsky, a professional “bug hunter,” was browsing through the Steam developer site when he noticed an exploitable area in the API provided to developers allowing them to gain license keys for their customers. He found that he could easily change certain parameters in the API request to generate license keys for any game
If he had wanted to, Moskowsky could have kept this knowledge to himself, generated a ton of keys, and sold them at discounted prices to any gamers looking to save a bit of cash. Instead, he decided to share his knowledge with Valve through HackerOne, a platform that connects companies with people like Moskowsky – bug hunters – and offers bounties for any vulnerabilities or exploits found.
As his HackerOne entry for the discovery shows, Moskowsky notified Valve of the problem on August 7th, and was almost immediately awarded $15,000 and a bonus of $5,000 for his finding just four days later on August 11th. The info regarding his report was only revealed publicly just recently.
Moskowsky specifically noted that he enjoyed working with Valve because the company is particularly efficient at rewarding bug-hunters for their time. With this in mind, it might not come as too much of a surprise that Moskowsky has actually worked with Valve in the past – in July, he actually found a bug that netted him a whopping $25,000 USD!
Featured Image Source: Alphr
