It’s been a bad day on Steam, as a nasty exploit has been lurking on the site – not for the first time – ready to trap the unwary and compromise their accounts. But the good news is that Valve has literally just patched the flaw with a swift response.
To be specific, this was an XSS exploit (cross-site scripting) which, as Eurogamer spotted, was initially highlighted by a moderator on Steam's official Reddit around eight hours ago.
The vulnerability let malicious parties inject their own code in order to compromise your account – potentially allowing an attacker to perform actions on your account that don’t need the password reconfirming, or they could attempt to redirect you to a phishing site to grab your login details.
Profile pitfall
According to the mod in question, this was triggered just by viewing a dodgy profile page, or your own activity feed, but both these areas have now been patched up and fixed.
However, if you’ve been clicking around Steam profiles earlier today, that could obviously be a worry. There’s no sure way to tell if you have been affected at this point, unfortunately, save for – obviously enough – odd things happening to your Steam account. Fingers crossed that isn’t the case.
February 08, 2017 at 01:57AM
Darren Allan
Tidak ada komentar:
Posting Komentar