If you’re any kind of PC gamer, then you likely frequent Valve’s Steam service to procure at least some of your games. And if you’re a Steam customer, then you likely spend some time on Steam’s community site — and until just recently, that might not have been the safest place to be.
It appears that the Steam community site suffered from an exploit involving user profiles that could redirect users to alternate pages and download PHP code, Ars Technica reports. Valve was able to fix the exploit soon after it was announced, but not before a number of people had created profiles that exploited the vulnerability.
The exploit was first identified on the Steam subreddit, described as such:
Since that post was first created, Valve was able to fix the exploit and was able to classify Steam profiles and activity feeds as safe to visit. The exploit was subsequently explained in full in a follow-up Reddit post. Steam has more than 125 million users and any exploit on the Steam community site could have serious repercussions.
Apparently, the chances of long-term problems caused by the vulnerability were slim, but nevertheless, anyone who might have suffered from the exploit while it was live is recommended to turn on two-factor authentication, keep up with Valve’s official channels for more information, and, of course, change their Steam password.
- AMD has a fix for Spectre variant II, but will motherboard makers support it?
- Is your browser mining bitcoin? ‘Malvertisements’ are hijacking Google Ads
- Intel starts rolling out new Spectre firmware fixes, Skylake goes first
- In the fight to protect your PC and privacy, Firefox is on the front line
- How Google’s ‘Project Zero’ task force races hackers to snuff out bugs