Valve Patched Massive Vulnerability in Steam (that was there for 10+ years)


Let me first jump to Valve's defense: they didn't know about this vulnerability, got the report, and plugged the security hole in less than eight hours. However, the vulnerability (and it was a bad one!) could have given malicious people access to millions of users and devices.



Tom Court from Contextis discovered the vulnerability, and he states that it had existed for at least ten years. It could have allowed potential attackers to access the computers of Steam users.

It is not known whether that ever happened, as the vulnerability had not been discovered before. The researcher reported the vulnerability on February 20 this year. Steam rolled out an update in the beta version in less than eight hours to plug the vulnerability. The vulnerability was fully remedied on 22 March. "It was a very simple bug," writes Court. "That was easy to abuse as modern security was lacking." Since July last year, the vulnerability had already been more difficult to abuse, because additional security was added to Steam at that time.

Check the video: it demonstrates an attacker remotely launching the Windows calculator app on a fully patched version of Windows 10.

 

Tom Court waited two months before publishing his findings so that users would have had time to update their Steam install. "The lesson is that developers have to check their software regularly to make sure they still comply with modern safety standards," said Court.

Check out what the security researcher at Contextis writes.
