Skip to main content

Steam community site suffers profile vulnerability but Valve makes quick fix

steam community site suffers profile vulnerability steamdev
If you’re any kind of PC gamer, then you likely frequent Valve’s Steam service to procure at least some of your games. And if you’re a Steam customer, then you likely spend some time on Steam’s community site — and until just recently, that might not have been the safest place to be.

It appears that the Steam community site suffered from an exploit involving user profiles that could redirect users to alternate pages and download PHP code, Ars Technica reports. Valve was able to fix the exploit soon after it was announced, but not before a number of people had created profiles that exploited the vulnerability.

The exploit was first identified on the Steam subreddit, described as such:

“Currently, there is a risk (i.e. phishing, malicious script execution, etc.) involved when viewing or simply opening PROFILE pages of other steam users as well as your OWN activity feed (both desktop and mobile versions on all browsers including steam browser/chromium). I would advise against viewing suspicious profiles until further notice and disable JavaScript in your browser options. Do NOT click suspicious (real) steam profile links and Disable JavaScript on Browser. Appropriate information has been forward to Valve and this issue should be resolved soon, sorry for any inconvenience.”

Since that post was first created, Valve was able to fix the exploit and was able to classify Steam profiles and activity feeds as safe to visit. The exploit was subsequently explained in full in a follow-up Reddit post. Steam has more than 125 million users and any exploit on the Steam community site could have serious repercussions.

Apparently, the chances of long-term problems caused by the vulnerability were slim, but nevertheless, anyone who might have suffered from the exploit while it was live is recommended to turn on two-factor authentication, keep up with Valve’s official channels for more information, and, of course, change their Steam password.

Editors' Recommendations

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
No, Valve’s rumored SteamPal won’t be a Nintendo Switch killer
how to play steam games on android valve link v2

A Nintendo Switch killer may be in the works … or another attempt at one, at least. Ars Technica reports that Valve is working on a portable console code-named SteamPal.

Details on the rumored project are a little hazy. Ars Technica says that multiple sources confirmed that the hardware has quietly been in development for a while now. That report was backed up this week when SteamDB operator Pavel Djundik found references to the device in a Steam update.

Read more
Your Dell laptop might have a security vulnerability. Here’s how to fix it.
dell new inspiron laptops take xps design lineup 2021  1

After a security research firm discovered a security vulnerability that could give hackers access to your laptop, Dell is taking action with a fix. Impacting hundreds of millions of laptops across more than 380 models (including XPS, and Alienware) released since 2009, there are now more ways than one for you to address the urgent issue.

At the heart of this problem is a driver that Dell's laptops use to handle firmware updates. According to a Dell support page, this driver comes packaged with Dell Client firmware update utility packages and software tools, and a vulnerability within it can "lead to escalation of privileges, denial of service, or information disclosure."

Read more
Valve pushes back summer Steam Game Festival by one week
Steam Game Festival: Summer Edition

The Steam Game Festival: Summer Edition, which was originally set to run from June 9 to June 14, has been delayed by one week, with Valve reportedly not keeping in touch with publishers and developers regarding the date change.

The summer Steam Game Festival will feature titles that are expected to launch over the next year, with free, limited-time playable demos and interactions with their developers. The event is part of the Summer Game Fest, a four-month digital gaming festival that was organized by The Game Awards founder and showrunner Geoff Keighley.

Read more