Steam community site suffers profile vulnerability but Valve makes quick fix

By Mark Coppock February 7, 2017

Image used with permission by copyright holder

If you’re any kind of PC gamer, then you likely frequent Valve’s Steam service to procure at least some of your games. And if you’re a Steam customer, then you likely spend some time on Steam’s community site — and until just recently, that might not have been the safest place to be.

It appears that the Steam community site suffered from an exploit involving user profiles that could redirect users to alternate pages and download PHP code, Ars Technica reports. Valve was able to fix the exploit soon after it was announced, but not before a number of people had created profiles that exploited the vulnerability.

The exploit was first identified on the Steam subreddit, described as such:

“Currently, there is a risk (i.e. phishing, malicious script execution, etc.) involved when viewing or simply opening PROFILE pages of other steam users as well as your OWN activity feed (both desktop and mobile versions on all browsers including steam browser/chromium). I would advise against viewing suspicious profiles until further notice and disable JavaScript in your browser options. Do NOT click suspicious (real) steam profile links and Disable JavaScript on Browser. Appropriate information has been forward to Valve and this issue should be resolved soon, sorry for any inconvenience.”

Since that post was first created, Valve was able to fix the exploit and was able to classify Steam profiles and activity feeds as safe to visit. The exploit was subsequently explained in full in a follow-up Reddit post. Steam has more than 125 million users and any exploit on the Steam community site could have serious repercussions.

Apparently, the chances of long-term problems caused by the vulnerability were slim, but nevertheless, anyone who might have suffered from the exploit while it was live is recommended to turn on two-factor authentication, keep up with Valve’s official channels for more information, and, of course, change their Steam password.

Topics

Computing Writer

Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…

Gaming

The Steam Deck won’t have any exclusive games, says Valve

Steam's new handheld console, the Steam Deck.

When it launches next year, Valve's Steam Deck will be able to run a suite of PC games, none of which will be exclusive to it. The mobile console, which is really more of a handheld Steam machine, won't have any exclusive games according to Valve.

In a beefy FAQ section for developers, Valve says it won't support exclusive games on its upcoming console. "No, that doesn't make much sense to us," reads an FAQ answer. "It's a PC and it should just play games like a PC." In short, don't expect a "killer app" that's only available on the device.

Gaming

Valve delays Steam Deck to next year, cites component shortages

Someone playing the Steam Deck.

Valve's Steam Deck has been delayed until February 2022, according to an email sent to people who placed a reservation on the handheld device. In the email, Valve apologizes for the delay and cites the global supply chain issues and material shortages that have been plaguing both consoles and GPUs since the start of the COVID-19 pandemic.

"Due to material shortages, components aren't reaching our manufacturing facilities in time for us to meet our initial launch dates," states the email sent to those with a reservation. The email did not provide information for those who want to purchase a Steam Deck but don't want to place a reservation. The current backups in the global supply chain and issues with part sourcing and manufacturing will likely also push back the date of widespread availability for the handheld.

Gaming

Valve is reviewing every game on Steam for the Steam Deck

Two players using Steam Decks to play Stardew Valley.

To make sure that players aren't disappointed once they finally have their Steam Decks, Valve has said it would test every single game on Steam for the handheld console. The statement comes as part of a larger post regarding the Steam Deck's verification process, which grades games based on their performance on Valve's console.

There are four grades that games can get, ranging from Verified, which means a game can simply be played on a Steam Deck with no issue, to Unsupported. While a large number of games will either be Verified or at least Playable, which means users can play the game after some tooling around with controller configuration, a solid chunk of Steam games will be completely unsupported. Specifically, Steam Deck users won't be able to tape the console to their heads and play VR titles, although that should be a given.