Over night it looks like a Steam bug that let users reset passwords for accounts they do not own was discovered and fixed, though not without it costing a few streamers their accounts for a number of hours. The bug required knowledge of the username of the account, hence why community figures with publically known information were the most effected.
Via Reddit, here’s how it worked:
Valve have since fixed the issue and those with Steam Guard enabled – the additional layer of protection that e-mails you a code whenever your account is logged into from an unknown device – merely lost access rather than exploiters actually getting into their accounts. Still quite the foul up and a reminder that single misplaced lines of code can shutdown the majority of our game collections.
There is a five-day trade ban put onto every account that changes e-mail or password, to prevent this sort of issue costing users hundreds of e-bucks in lost items. It triggered as it should, though now those players that were effected can’t trade anything for another four days, even after getting their accounts back.