The above video shows how a user was able to access someone’s Steam account with only the username. This came as a surprise because usually Steam’s security is pretty tight, in fact it’s sometimes so tight it gets annoying. However this process came as scarily simple, basically, the authentication process needed to change an account password could be bypassed by simply ignoring it and clicking “continue” without entering the password change verification code. This means that if someone had your Steam username (and were aware of the exploit) they could have accessed your Steam account in a few clicks.
Valve responded to the media with the following:
To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.We apologize for any inconvenience.
If you received an email from Valve asking you to change your Steam account’s password, this is why.