Update: The exploit which let subversive Steamers inject code into Steam pages has been fixed. The eagle-eyes who spotted the security hole say it’s once again safe to visit profiles, activity feeds, and all that. If you’re curious, follow that link to discover quite how the exploit worked. Spoiler: it involved putting naughty code in the titles of guides.
Just be to safe, don’t go near any of Steam’s social pages for a bit. A group from the Steam subreddit say they have discovered an exploit related to Steam profiles, which could do some dreadful things. Even looking at your Activity feed could let people redirect you to non-Steam sites or even silently buy Community Market items with your Wallet funds. Valve haven’t commented on this yet but, for now, probably best to be safe. What’s the harm in not peeping on your pals for a while? Read the rest of this entry »