- The group known as The Secret Club has revealed a dangerous exploit in CS:GO and other games based on the Source engine;
- Hackers can gain player data by inviting players to Steam and hosting their own servers;
- According to Secret Club members, Valve has known about the problem for a long time and didn't react.
It seems that Valve has another problem with Counter-Strike: Global Offensive. Yesterday, we learned about a dangerous exploit that was disclosed by The Secret Club, a non-profit reverse engineering group.
One of its members had already informed Valve about the danger two years ago, but nothing has been done about it until now. The exploit can be used via a Steam invite - it enables hackers to gain access to virtually all of our data - simply by accepting the invite, malicious code will be executed on our computer, giving the attacker access to sensitive information ranging from passwords to CS:GO skins. We urge caution when receiving invitations to Steam from unknown people.
The bug is related to a vulnerability in remote code execution that affects Source engine-based games such as Team Fortress 2.
Another problem is that hackers can host their own community server and thanks to a special code use it as a tool to steal passwords and skins or even infect players' computers with malware, so you should be very careful when using unofficial servers.
The situation is worrying, especially since Valve has so far blocked the possibility of making this information public, according to members of the group. No announcement from the company has been made so far, but the media hype surrounding the exploit should prompt Valve to respond appropriately.
- Counter-Strike: Global Offensive - official blog