Steam users warned after profile exploit discovered

XSS marks the spot.

Steam users have today been warned to be careful browsing Steam - an XSS exploit has been discovered which could threaten your account's security.


The issue's existence was made public by a mod on Steam's official Reddit, and Steamdb has also confirmed the exploit to be worth taking note of - at least until Valve wakes up and fixes it.

Steam users are warned to be careful opening any profile pages on the service, and to ignore any suspicious links.

The exploit takes advantage of Steam's XSS (cross-site scripting) code which can be exploited to let others inject their own code. Anyone with the right know-how could harness your profile to perform actions on your behalf.

Anyone who thinks they may have been affected should change their password, enable a mobile authenticator - and scan their system for malware.

Sometimes we include links to online retail stores. If you click on one and make a purchase we may receive a small commission. For more information, go here.

Jump to comments (33)

About the author

Tom Phillips

Tom Phillips

News Editor

Tom is Eurogamer's news editor. He writes lots of news, some of the puns and all the stealth Destiny articles.


Digital FoundryNvidia GeForce RTX 2080 Super review: evolution, not revolution

More cores, more frequency and improved RAM - but just how much faster is it overall?

FeatureThe six-year story of GTA Online's long-vacant casino

The most-requested, most-rumoured location in GTA5 finally opens its doors today. What took so long?

Nintendo faces Switch Joy-Con drift class action lawsuit

UPDATE: "We take great pride in creating quality products," company responds.

Digital FoundryAMD Ryzen 7 3700X review: can gaming performance compete with Intel?

Team Red's best value eight-core chip takes on the Core i7 9700K.

You may also enjoy...

Comments (33)

Comments for this article are now closed. Thanks for taking part!

Hide low-scoring comments