Image Credit: Bethesda
Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.
Hacker used a prank to point out a security loophole on Steam Greenlight.
Category:
News

Watch Paint Dry — How young hacker hacked through Steam Greenlight

Hacker used a prank to point out a security loophole on Steam Greenlight.
Image of StratGamer48
StratGamer48
|

Published: Apr 5, 2016 06:21 pm

This article is over 8 years old and may contain outdated information

No, Watch Paint Dry is not a real game that passed Steam Greenlight, and it is not a photoshopped picture for April Fool’s Day because it happened on March 29th. The game is a result of a security loophole in Steam that allowed people to skip protocol and post a game.

Recommended Videos

Before I explain this particular Steam loophole, let me first describe how Stream Greenlight works. The Steam Greenlight program allows game developers to submit and sell their games on Steam. Before Steam releases the game, game developers must pay $100 USD, so it can weed out any non-professional developers who don’t think their game can meet the break-even point of $100. Then, developers need to earn the approval of the Steam Community to pass the Steam Greenlight. It can be a long waiting period depending on the community. After these two steps, the game can finally be released in Steam. Lastly, developers and Steam will share their revenue and Steam will help the developers to do the marketing. 

Back to the topic. A clever young hacker named Ruby, a blogger on Medium who researches of security loopholes, managed to skip the $100 dollar and Steam Community portions of the process and submitted his “game” Watch Paint Dry on Steam a few days before April Fool’s Day. Just like other games on Steam, it has a trailer, screenshot, description, and feedback. 

Screenshot of Watch Paint Dry

In his Medium article, Ruby said he got a Steamworks account from Steam. This is an account for developers who develop and sell their games on Steam. People who hold these accounts are the backbone of Steam. He did not reveal how he got it, but as soon he got into the “club”, he just changed some codes and was able to release his game. Of course, in the end, Ruby got caught and Watch Paint Dry was quickly taken down. This was a part of his plan, too. His plan was to notify Valve of their security loophole.

Hacker being invited and granted access to Steamworks 

Today, high-tech companies like Google, Facebook, and Microsoft have a bounty system for these “white-hat” hackers who report loopholes to the company. Some of them even considered this to be a full time job with an accompanying high salary. This can be a great way of “submitting your resume” to a high-tech company and proving your coding skills.

 

Post Tag:
bugs
steam games
steam greenlight
valve
GameSkinny is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
related content
Related Content
Author
Image of StratGamer48
StratGamer48
False