Skip to main content
  1. Home
  2. Computing
  3. News

Steam community site suffers profile vulnerability but Valve makes quick fix

By

steam community site suffers profile vulnerability steamdev
Image used with permission by copyright holder
If you’re any kind of PC gamer, then you likely frequent Valve’s Steam service to procure at least some of your games. And if you’re a Steam customer, then you likely spend some time on Steam’s community site — and until just recently, that might not have been the safest place to be.

It appears that the Steam community site suffered from an exploit involving user profiles that could redirect users to alternate pages and download PHP code, Ars Technica reports. Valve was able to fix the exploit soon after it was announced, but not before a number of people had created profiles that exploited the vulnerability.

Recommended Videos

The exploit was first identified on the Steam subreddit, described as such:

Related

“Currently, there is a risk (i.e. phishing, malicious script execution, etc.) involved when viewing or simply opening PROFILE pages of other steam users as well as your OWN activity feed (both desktop and mobile versions on all browsers including steam browser/chromium). I would advise against viewing suspicious profiles until further notice and disable JavaScript in your browser options. Do NOT click suspicious (real) steam profile links and Disable JavaScript on Browser. Appropriate information has been forward to Valve and this issue should be resolved soon, sorry for any inconvenience.”

Since that post was first created, Valve was able to fix the exploit and was able to classify Steam profiles and activity feeds as safe to visit. The exploit was subsequently explained in full in a follow-up Reddit post. Steam has more than 125 million users and any exploit on the Steam community site could have serious repercussions.

Apparently, the chances of long-term problems caused by the vulnerability were slim, but nevertheless, anyone who might have suffered from the exploit while it was live is recommended to turn on two-factor authentication, keep up with Valve’s official channels for more information, and, of course, change their Steam password.

Editors’ Recommendations

Topics
Mark Coppock
Mark Coppock
Computing Writer
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
Valve’s Steam Deck will finally launch in late February
A player using a Steam Deck on a couch.

Valve announced that its Steam Deck will launch on February 25, roughly one month from today. On that date, those who reserved a Steam Deck will have the opportunity to complete their purchase, with units shipping to customers starting on February 28. Valve did not mention when or how Steam Decks will be available for general retail sales.

According to a news post on the Steam website, the process will start with Valve sending out emails to those who made the earliest Steam Deck reservations. Those customers will have 72 hours to complete their payment. If they decline, the company will move on to the next person in the reservation line.

Read more
Valve reveals which games are verified for the Steam Deck
Factorio running on a Steam Deck.

With Steam Deck expected to reach the hands of customers sometime next month, Valve is publicly labeling which games will and won't work on the mobile PC.

Valve currently has four game classifications on the Steam Deck, with "verified" meaning that players will be able to play a game seamlessly, while "playable" games will require the user to make some changes. A decent number of Steam's games will also be unsupported on the Steam Deck, namely all VR titles listed on the online games marketplace.

Read more
The Steam Deck won’t have any exclusive games, says Valve
Steam's new handheld console, the Steam Deck.

When it launches next year, Valve's Steam Deck will be able to run a suite of PC games, none of which will be exclusive to it. The mobile console, which is really more of a handheld Steam machine, won't have any exclusive games according to Valve.

In a beefy FAQ section for developers, Valve says it won't support exclusive games on its upcoming console. "No, that doesn't make much sense to us," reads an FAQ answer. "It's a PC and it should just play games like a PC." In short, don't expect a "killer app" that's only available on the device.

Read more