If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Steam users warned after profile exploit discovered

XSS marks the spot.

Steam users have today been warned to be careful browsing Steam - an XSS exploit has been discovered which could threaten your account's security.

The issue's existence was made public by a mod on Steam's official Reddit, and Steamdb has also confirmed the exploit to be worth taking note of - at least until Valve wakes up and fixes it.

Steam users are warned to be careful opening any profile pages on the service, and to ignore any suspicious links.

The exploit takes advantage of Steam's XSS (cross-site scripting) code which can be exploited to let others inject their own code. Anyone with the right know-how could harness your profile to perform actions on your behalf.

Anyone who thinks they may have been affected should change their password, enable a mobile authenticator - and scan their system for malware.

Topics in this article

Follow topics and we'll email you when we publish something new about them.  Manage your notification settings .

About the Author
Tom Phillips avatar

Tom Phillips


Tom is Eurogamer's Editor-in-chief. He writes lots of news, some of the puns and makes sure we put the accent on Pokémon.

Eurogamer.net logo

Buy things with globes on them

And other lovely Eurogamer merch in our official store!

Explore our store
Eurogamer.net Merch