Steam has acknowledged that a password-reset exploit compromised numerous accounts, according to Kotaku.
The exploit has since been resolved and the service has forced password resets on accounts showing suspicious activity.
The exploit lasted from Tuesday, July 21st– Saturday, July 25th, according to Steam.
Accounts using the service’s two-factor authentication feature “Steam Guard” were not exposed to the vulnerability, according to Valve.
“Please note that while an account password was potentially modified during this period, the password itself was not revealed.”
-Valve, in a statement