Euro Truck Simulator 2 developer gets one-year Steam ban for demonstrating security flaw

Andy Chalk at

A big update to Euro Truck Simulator 2 is adding three new cities to its lineup of places you can keep on truckin' through, as well as truck-specific speed limits to the GPS route adviser and the hotly anticipated "Seat Adjustement" feature. But perhaps even more interesting than any of that is that Tomas Duda, one of the developers on the game, was banned from Steam for a year for using a "Daily Deal" announcement to bring a potentially serious security vulnerability to Valve's attention.

If you hit yesterday's announcement that Euro Truck Simulator 2 was the Steam Daily Deal, you might have found yourself redirected to an unexpected place: the Harlem Shake video. The idea, according to Duda, was to force Valve to take notice of the security flaw in community announcements, and then fix it, but what happened instead was a one-year ban "for violations of the Steam Subscriber Agreement."

Duda said he went with the ill-advised Harlem Shake redirect after talks about the vulnerability with "a Valve guy (a) few months ago" went nowhere. "I was talking about the script tag vulnerability multiple times. No one fixed it. Now I did Harlem Shake for fun (yay for #steamdb)," he wrote. "Imagine if someone used the vulnerability to steal users' session IDs? Redirected to a phishing site?"

He also claimed that he didn't want to make the vulnerability public, but said it's hard to avoid widespread attention when you post something funny. "People then just share it and it spreads," he wrote. "Had like 100 people at the time on the announcement page a few minutes after doing that."

Duda and his supporters are working on an open letter to Valve appealing the ban, and an "Unban Timmy" user group (in reference to his Steam ID) has also popped up. You can also keep track of his status at istimmystillbanned.info, which for now remains at an unhappy "Yes."