Steam community site suffers profile vulnerability but Valve makes quick fix

steam community site suffers profile vulnerability steamdev
If you’re any kind of PC gamer, then you likely frequent Valve’s Steam service to procure at least some of your games. And if you’re a Steam customer, then you likely spend some time on Steam’s community site — and until just recently, that might not have been the safest place to be.

It appears that the Steam community site suffered from an exploit involving user profiles that could redirect users to alternate pages and download PHP code, Ars Technica reports. Valve was able to fix the exploit soon after it was announced, but not before a number of people had created profiles that exploited the vulnerability.

The exploit was first identified on the Steam subreddit, described as such:

“Currently, there is a risk (i.e. phishing, malicious script execution, etc.) involved when viewing or simply opening PROFILE pages of other steam users as well as your OWN activity feed (both desktop and mobile versions on all browsers including steam browser/chromium). I would advise against viewing suspicious profiles until further notice and disable JavaScript in your browser options. Do NOT click suspicious (real) steam profile links and Disable JavaScript on Browser. Appropriate information has been forward to Valve and this issue should be resolved soon, sorry for any inconvenience.”

Since that post was first created, Valve was able to fix the exploit and was able to classify Steam profiles and activity feeds as safe to visit. The exploit was subsequently explained in full in a follow-up Reddit post. Steam has more than 125 million users and any exploit on the Steam community site could have serious repercussions.

Apparently, the chances of long-term problems caused by the vulnerability were slim, but nevertheless, anyone who might have suffered from the exploit while it was live is recommended to turn on two-factor authentication, keep up with Valve’s official channels for more information, and, of course, change their Steam password.

Emerging Tech

Awesome Tech You Can’t Buy Yet: inflatable backpacks and robotic submarines

Check out our roundup of the best new crowdfunding projects and product announcements that hit the Web this week. You can't buy this stuff yet, but it sure is fun to gawk!
Social Media

Instagram hackers are changing account info into Russian email addresses

Have you logged in to your Instagram lately? A hack circulating this month has Instagram users locked out of their accounts because a hacker changed all the profile data, according to a report.
Smart Home

White-hat Chinese hackers turn Alexa into a spy, briefly

A team of Chinese researchers revealed this week that they were able to use a cracked Amazon Echo to exploit a series of Alexa interface flaws to take control over an unteuched Echo running on the same network.
Mobile

Samsung confirms the debut of its foldable smartphone isn't far away

Samsung has been showcasing bendable display tech for a few years now and a folding smartphone might finally become a reality. The Galaxy X, or perhaps the Galaxy F, may be the company's first example. Here's everything we know about it.
Product Review

Recent production woes make the Eve V a worse buy than it once was

Our Eve V review looks at a crowdsourced detachable tablet that checks some boxes for its backers. Its delay in making it to the market holds it back in some areas, and Eve Technology is an unknown quantity.
Computing

With Q#, Microsoft is throwing programmers the keys to quantum

Quantum computers aren’t yet practical, but Microsoft has already developed a programming language for them. Q# works inside Visual Studio, just like most other languages, and could offer a gateway into the weird world of quantum physics.
Computing

Art-inspired face blurring can obscure identity without losing humanity

Researchers have developed an AI-generated anonymity system that “paints” over video frames, using inspiration from masters like Picasso and Van Gogh to reimagine a person’s appearance. The goal is to minimize outer resemblance but…
Computing

Here's how to convert an MP4 to an MP3 file with online and offline tools

Sometimes you just want the audio without the video. In this guide, we'll show you how to convert an MP4 to an MP3 using web-based software and dedicated programs for both Windows and MacOS.
Computing

Crypto-intrigued? Here's how to buy Bitcoin for the first time

Is it time to purchase your first Bitcoin investment? If you're ready to get involved in the cryptocurrency, we'll walk you through how to pick an exchange, how to choose the right wallet, and how to buy Bitcoin the safe way!
Product Review

Dell's classic 4K P2715Q monitor still holds up today

The Dell P2715Q might not be the most modern of 4K displays, but its IPS panel, extensive connectivity, and easily adjusted stand make it more than competitive with the newest crop of screens.
Computing

Style up your MacBook Air with one of these great cases or sleeves

Whether you’re looking for added protection or a stylish flourish, you’re in the right place for the best MacBook Air cases. We have form-hugging cases, luxurious covers and padded sleeves priced from $7 to $130. Happy shopping!
Cars

Nvidia ‘more than happy to help’ if Tesla’s self-driving chip doesn’t pan out

After Tesla CEO Elon Musk announced the intention to use an in-house Autopilot chip, Nvidia CEO Jensen Huang responded to an analyst's question, saying that if the Tesla chip doesn't work out, he'd be more than happy to help.
Product Review

Dell's XPS 15 is the PC every laptop wishes it could be

Not everyone needs the power that a laptop like the Dell XPS 15 provides. But if you need a computer that can handle the heavy workload you use every day, the XPS 15 might be the best you can buy.
Product Review

Asus ZenBook 3 Deluxe (late 2017) review

As our Asus ZenBook 3 Deluxe (late 2017) review shows, adding an 8th-gen Intel Core processor to an excellent thin and light chassis makes for a great combination.