Published by Serio 1 year ago, last updated 10 months ago

This is a bit of a Public Service Announcement: a rather malicious and dangerous exploit is currently making the rounds in the Steam community. Details haven't been published, but according to those with knowledge of it, it allows a malicious user to redirect anyone who visits their Steam profile to a phishing website, bypassing any and all notices.

Update: The problem has now been partially fixed, but the activity feed is still exploitable. A follow-up thread on Reddit explains how the exploit was done: JavaScript was being parsed on users' profile pages if placed inside a guide's name / description, and hackers were taking advantage of this to redirect users and phish their details - quite a big error on Valve's part, I would say.
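The behaviour described in the update, a guide's name or description being parsed as markup when a profile page is rendered, is a stored cross-site scripting flaw, and the fix is to encode those fields on output. The sketch below is an added example, not Valve's code and not taken from the Reddit thread; the field names (`id`, `name`, `description`), the card markup and the sample records are assumptions constructed for illustration.

```javascript
// Added example (not Valve's code). Field names and markup are assumptions.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a user-supplied string for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: guide fields are concatenated into the page as-is, so any markup
// stored in them is parsed by the browser of every visitor to the profile.
function renderGuideCardUnsafe(guide) {
  return `<div class="guide"><h3>${guide.name}</h3><p>${guide.description}</p></div>`;
}

// After: the same card with both fields encoded on output.
function renderGuideCard(guide) {
  return `<div class="guide"><h3>${escapeHtml(guide.name)}</h3>` +
         `<p>${escapeHtml(guide.description)}</p></div>`;
}

// Audit helper: ids of stored guides whose fields contain tag-like text,
// so already-saved records can be reviewed once the rendering is fixed.
function findGuidesWithMarkup(guides) {
  const tagLike = /<\s*\/?\s*[a-zA-Z!]/;
  return guides
    .filter((g) => tagLike.test(g.name) || tagLike.test(g.description))
    .map((g) => g.id);
}

// Constructed sample records (not real Steam data).
const sampleGuides = [
  { id: 1, name: 'Beginner tips & tricks', description: 'Use "quick save" often.' },
  { id: 2, name: '<script>/* constructed placeholder */</script>', description: 'x' },
  { id: 3, name: 'Map list', description: 'Score < 100 is fine' },
];

for (const g of sampleGuides) console.log(renderGuideCard(g));
console.log('needs review:', findGuidesWithMarkup(sampleGuides));
```

Encoding on output protects every page that renders the field, while the audit pass only helps locate records saved before the fix.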

Additionally, the warning extends to merely visiting these profiles. The extent of this exploit is as yet unknown, but it seems to be a particularly nasty one. So for the time being, users are advised to refrain from visiting any profiles on the Steam Community or clicking on any links pertaining to the Steam Community, and to keep up to date via the Reddit thread linked below.

Stay safe out there.

Currently, there is a risk (i.e. phishing, malicious script execution, etc.) involved when viewing or simply opening PROFILE pages of other Steam users as well as your OWN activity feed (both desktop and mobile versions on all browsers). I would advise against viewing suspicious profiles until further notice and disable JavaScript in your browser options. Do NOT click suspicious (real) Steam profile links and Disable JavaScript on Browser. Appropriate information has been forwarded to Valve and this issue should be resolved soon. Sorry for any inconvenience.

