This 16-year-old hacked into Steam to promote his rather silly game on its system
A 16-year-old hacker exploited a vulnerability in Steam and went on to publish his 45-second-long ‘game’ on Steam without a single person at Valve setting eyes on it.
Watch Paint Dry, created by Ruby Nealon, is a game about watching paint dry. It made its way onto Steam without going through Greenlight or acquiring an elusive Valve stamp of approval. Thanks to Nealon, the vulnerability he exploited has now been fixed.
He helped Valve fix this backdoor into Steam, which was his agenda from the start.
“I have been in contact with Valve who have now fixed the vulnerability”, wrote Nealon at the end of his post. “TL;DR — I was responsible for Watch paint dry. Getting caught was part of my plan. It’s just a prank, bro!”
“Something I’ve definitely learned from doing this is when working with user-generated content that first needs to be approved, do not have ‘Review Ready’ and ‘Reviewed’ as two states of existence for the content. Instead, maybe take an approach where the review of the item has an audit trail by giving each piece of content a ‘review ticket’ or something similar and not allowing the content to switch to the Released state until there is a review ticket for the content. Or just don’t allow users to set the item to ‘Released’.”
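The design Nealon describes, sketched as an added example (not code from the article, from Nealon or from Valve): the only path to the Released state runs through a server-created review ticket from an independent reviewer, and every transition is written to an audit trail. The `Catalog` class, its method names and the account names used with it are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class State(Enum):
    DRAFT = "draft"
    REVIEW_READY = "review_ready"
    RELEASED = "released"

@dataclass(frozen=True)
class ReviewTicket:          # created only by review(), never by the submitter
    content_id: str
    reviewer: str
    approved: bool

@dataclass
class Catalog:
    reviewers: frozenset                          # accounts allowed to review
    owner: dict = field(default_factory=dict)     # content_id -> owner
    state: dict = field(default_factory=dict)     # content_id -> State
    tickets: dict = field(default_factory=dict)   # content_id -> ReviewTicket
    audit: list = field(default_factory=list)     # append-only trail

    def add(self, cid, owner):
        self.owner[cid], self.state[cid] = owner, State.DRAFT

    def submit(self, cid, actor):
        if actor != self.owner[cid] or self.state[cid] is not State.DRAFT:
            raise PermissionError("only the owner can submit a draft")
        self.state[cid] = State.REVIEW_READY
        self.audit.append((actor, "submit", cid))

    def review(self, cid, reviewer, approved):
        if reviewer not in self.reviewers or reviewer == self.owner[cid]:
            raise PermissionError("not an independent reviewer")
        if self.state[cid] is not State.REVIEW_READY:
            raise ValueError("item is not awaiting review")
        self.tickets[cid] = ReviewTicket(cid, reviewer, approved)
        self.audit.append((reviewer, f"review approved={approved}", cid))

    def release(self, cid, actor):
        ticket = self.tickets.get(cid)
        if ticket is None or not ticket.approved:
            self.audit.append((actor, "release denied", cid))
            raise PermissionError("no approved review ticket")
        self.state[cid] = State.RELEASED
        self.audit.append((actor, "release", cid))
```

There is no method that accepts a target state from the caller, so a submitter cannot move an item to Released by naming that state in a request; a denied attempt still leaves a record in the audit trail.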