James Lucas is an Executive Editor from Newcastle, England. They have written for sites like IGN, NME, GaymingMag, and VG247, with a special focus on FPS games, Soulslikes, and survival horror.
“Somehow, an hour ago, someone logged into my account and reset it to zero”. This is the last thing you want to see over the holidays: hours upon hours of progress erased by a complete stranger. Yet this is what has plagued the Escape from Tarkov community over the last 24 hours, as similar posts can be found scattered throughout the forums and across social media, all thanks to a major oversight on BSG’s part.
One of the hackers, @Chilljones1125, explained that all they did was alter the Steam reply URL to the ID of the account they wanted access to. No hacks, just a firewall made out of foam blocks. This works because the verification system does not correctly validate the digital signature or response returned by Steam, leaving Escape from Tarkov accounts wide open.
According to Tarkov-Changes creator LogicalSolutions, BSG is aware of the problem, as thousands of hours of progress have been deleted through the power of copy and paste; “The website is under maintenance. Clearly this is/was a vulnerability on the website allowing people to make changes on other’s profiles. Hopefully BSG is able to rollback all of the accounts affected.”
It Might ve Been Patched Already
Twitch streamers are being hit especially hard, as everyone from BAXBEAST to Dr Lupo and Insanesqt have experienced wipes. However, even as high profile creators voice frustration at the issue, BSG has remained quiet on social media, leaving many confused as to what exactly is happening.
For now, your safest option is to unlink your Steam and Tarkov accounts, making it impossible to take advantage of the exploit. However, some players report that it has been patched, so the worst may already be over.
“I attempted to do it myself with my own accounts and it did not work so I think it may have been patched,” LogicalSolutions said. “It was a very easy exploit on the website. No data was breached, nobody had their password or other info leaked minus parts of their email address.”
Learn how these incidents unfold and why they matter by subscribing to our newsletter for focused coverage of account-security issues like this Steam verification exploit — concise explanations, credible context, and practical mitigation discussion.
By subscribing, you agree to receive newsletter and marketing emails, and accept Valnet’s Terms of Use and Privacy Policy. You can unsubscribe anytime.
Until BSG clarifies the situation, it’s still worth taking precautions to be safe, as whether the wipes can be reversed remains up in the air.
We want to hear from you! Share your opinions in the thread below and remember to keep it respectful.
Please respect our community guidelines. No links, inappropriate language, or spam.
