IsThereAnyDeal is a useful little web tool that tracks PC game prices across a variety of sources, including Steam and third-party resellers. You can log into the site via your Steam account, but hackers recently discovered a vulnerability that would allow them to access any IsThereAnyDeal account which makes use of a Steam login.
The vulnerability only affected IsThereAnyDeal accounts – your Steam account itself is safe – and has already been fixed. The folks behind the site say that they have no evidence any individual user accounts were targeted, and “believe” that only admin accounts were affected.
An IsThereAnyDeal account might include access to information like your email address, wishlist and game collection information, or profiles you’ve chosen to link to the service. So that’s not a whole lot of sensitive information, but if you make use of the Steam login feature you might want to double-check what info you’ve got tied to your account. You can choose to unlink your Steam account and switch to an email and password login, as well.
“Unfortunately, the bug was found in a very old code that was handling Steam login,” the admins say in their explanation. “We have no evidence this was ever found or used by anyone else until now.”
The devs add “We will look in more detail at our OpenId login implementation, consider using different libraries, and explore ways to implement two-factor authorization” in order to avoid future breaches.