Valve fixes Steam security exploit

Share

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Email

Share this article

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the PC Gamer Newsletter

Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Every Friday

GamesRadar+

Your weekly update on everything you could ever want to know about the games you already love, games we know you're going to love in the near future, and tales from the communities that surround them.

Signup +

Every Thursday

GTA 6 O'clock

Our special GTA 6 newsletter, with breaking news, insider info, and rumor analysis from the award-winning GTA 6 O'clock experts.

Signup +

Every Friday

Knowledge

From the creators of Edge: A weekly videogame industry newsletter with analysis from expert writers, guidance from professionals, and insight into what's on the horizon.

Signup +

Every Thursday

The Setup

Hardware nerds unite, sign up to our free tech newsletter for a weekly digest of the hottest new tech, the latest gadgets on the test bench, and much more.

Signup +

Every Wednesday

Switch 2 Spotlight

Sign up to our new Switch 2 newsletter, where we bring you the latest talking points on Nintendo's new console each week, bring you up to date on the news, and recommend what games to play.

Signup +

Every Saturday

The Watchlist

Subscribe for a weekly digest of the movie and TV news that matters, direct to your inbox. From first-look trailers, interviews, reviews and explainers, we've got you covered.

Signup +

Once a month

SFX

Get sneak previews, exclusive competitions and details of special events each month!

Signup +

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

A warning went up on the Steam subreddit earlier today cautioning Steam users—so, pretty much all of us—to avoid opening profile pages of other users, and also their own activity feeds. The message is intentionally vague to help avoid spreading details about the exploit and how to use it, but it was posted by a subreddit moderator, while another mod says he's "investigated and created proofs of concept for this exploit." 

"Currently, there is a risk (i.e. phishing, malicious script execution, etc.) involved when viewing or simply opening PROFILE pages of other steam users as well as your OWN activity feed (both desktop and mobile versions on all browsers including steam browser/chromium)," the warning says. "I would advise against viewing suspicious profiles until further notice and disable JavaScript in your browser options. Do NOT click suspicious (real) steam profile links and Disable JavaScript on Browser." 

A Valve rep said that a fix has now—as of about 12:05 pm ET—been published, so the problem should be taken care of. If you think you were caught by the exploit before the fix went live, the message says you should change your Steam password, enable the mobile authenticator (which you really should be using anyway) or, if you already use it, go into the settings and de-authorize any other computers on Steam Guard, and then restart your modem or change your IP. A full scan of your system with a malware/anti-virus scanner probably wouldn't hurt either. 

Details of the exploit, which we can talk about now that it's been fixed, are available here.

Update: The post initially warned that a client update was required. It was in fact an issue with the Steam website.

Image credit: DiglidiDudeNG