Steam users warned after profile exploit discovered

XSS marks the spot.

Steam users have today been warned to be careful browsing Steam - an XSS exploit has been discovered which could threaten your account's security.


The issue's existence was made public by a mod on Steam's official Reddit, and Steamdb has also confirmed the exploit to be worth taking note of - at least until Valve wakes up and fixes it.

Steam users are warned to be careful opening any profile pages on the service, and to ignore any suspicious links.

The exploit takes advantage of Steam's XSS (cross-site scripting) code which can be exploited to let others inject their own code. Anyone with the right know-how could harness your profile to perform actions on your behalf.

Anyone who thinks they may have been affected should change their password, enable a mobile authenticator - and scan their system for malware.

Sometimes we include links to online retail stores. If you click on one and make a purchase we may receive a small commission. Read our policy.

Jump to comments (34)

About the author

Tom Phillips

Tom Phillips

News Editor  |  tomphillipsEG

Tom is Eurogamer's news editor. He writes lots of news, some of the puns and makes sure we put the accent on Pokémon.


You may also enjoy...

Supporters only

Comments (34)

Comments for this article are now closed. Thanks for taking part!

Hide low-scoring comments

Buy things with globes on them

And other lovely Eurogamer merch in our official store!

Eurogamer Merch
Explore our store