Not too long ago, I saw an announcement on a group I know called 'GmodTech'. This announcement stated that "An exploit was found on Steam Community Profile pages, we recommend to not visit any until this is fixed". The source was a twitter post by SteamDB which said that it was an XSS exploit in which evil people could use it to send trade requests, edit your profile, by stuff on the market, and more.
Announcement:
[IMG]http://i.imgur.com/GOqxhYr.png[/IMG]
Twitter Source:
[IMG]http://i.imgur.com/3YtH2OY.png[/IMG]
From what others have said, stay away from profiles of other accounts until this problem is fixed. Even if some weird person you never even met adds you, and he wants you to check his profile. This exploit was just like the one in 2012. What it does like before: [URL]https://www.youtube.com/watch?v=UPnMzHiRiK8[/URL]
It's been a good while since cross site exploits were happening to big websites.
IMO Valve needs a better security reporting. Imagine if they had CS:GO weapon skins as the monetary reward, all the Russian hackers would jump on that.
Well everyone, It appears that the XSS exploit has been fixed right away. Carry on people!
[IMG]http://i.imgur.com/PHZb8Gf.png[/IMG]
Sorry, you need to Log In to post a reply to this thread.
