Why did Valve-owner Steam say it made a "mistake" turning a researcher away from its bug bounty program? Who was behind a backdoor that was purposefully introduced into a utility utilized by Unix and Linux servers? And why is Facebook coming under fire for its "Clear History" feature? Threatpost editors Lindsey O'Donnell and Tom Spring break down the top stories of the week that have the infosec space buzzing, including:

• A backdoor that was intentionally planted in Webminin 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code.
• A researcher disclosing a zero-day vulnerability (the second in two weeks) for the Steam gaming client after he said he was barred from the bug bounty programof Steam's owner, Valve.
• Facebook being met with vitriol after users discovered its "Clear History" feature, rolled out in some countries this week, wasn't what they had thought.