Our security philosophy

We recognize how important it is to help protect privacy and security. We understand that secure products and services are critical in establishing and maintaining trust with our users. We strive to consistently deliver secure and enjoyable experiences in all of our products and services.

Security includes everyone. Our Steam users, our developers, third party software developers and the security community. Working together we can all make Steam and the Internet safer.

Reporting security issues

Security of our networks and services is important for us and for you. We take it seriously. If you are a Steam user and have a security issue to report regarding your personal Steam account, please visit our Support site. This includes password problems, login issues, suspected fraud and account abuse issues.

If you have discovered a vulnerability in Steam and/or a Valve product or have a security incident to report, we encourage you to submit a report to our public security program at HackerOne - https://hackerone.com/valve. Our guidelines for responsible disclosure are also available through that program.

If the public security program is inapplicable to your situation, then you may instead send email describing the issue to security@valvesoftware.com. If you feel the need, please use our public key to encrypt your communications with us.

We believe in responsible security disclosure practices. In accordance with this we appreciate reporters privately notifying us of vulnerabilities and setting reasonable time frames for response and disclosure based on the severity of the issue. We believe this method provides the most secure environment for Steam users and the Internet at large.

We will respond as soon as we can to fix verifiable security issues. When notified of legitimate issues, we will acknowledge your report, begin investigating the issue and will work to correct any vulnerabilities quickly.

Hall of Fame

We would like to thank the following people for their contribution in ensuring the security of Steam and our applications:
  • Ruby Nealon (twitter handle _ruby) (2017)
  • Kenny Hietbrink (email Kenny at hietbr.ink) (2017)
  • Simon Pinfold (2016)
  • Florian Bogner(2016)
  • Zemnmez from zemn.me (2013-2015)
  • Ilja van Sprundel from IOActive (2014)
  • Fabien Chebel from heffebaycay.fr (2013-2014)
  • Brett Buerhaus (twitter handle bbuerhaus) (2014)
  • Shamil Yakupov (twitter handle shamilik) (2015)
  • Nathaniel Theis (2015)