- The full source code of two Valve games: Counter-Strike: Global Offensive and Team Fortress 2 have been uploaded to the web;
- In both cases, this reveals, among other things, data about the Source Engine, which will make it easier to create cheats and find exploits, and can even be used to spread malware through Valve's titles;
- The source of the leak is to be a former collaborator of Tyler McVicker from the ValveNewsNetwork channel, who has established cooperation with Valve.
Leaks can be an interesting topic for the players, but for developers it's probably one of the biggest nightmares. It's bad enough when a leak "only" spoils a suprize planned by the developers. Worse when part of the game's source code leaks, let alone the whole thing. Unfortunately, Valve found out about it once again during the latest big leak. The full source code of Counter-Strike: Global Offensive and Team Fortress 2 has been uploaded to the Internet! Although in both cases we are talking about versions from 2017 (May and November respectively), it's hardly a consolation. It's doubtful that such age-old titles have been drastically changed in recent years, especially since neither of these games has received any revolutionary update at that time. This means that developers of in-game cheat programs will be able to create even more refined cheats.
But that's not the worst part. The players report that a serious vulnerability has been found in Team Fortress 2's code that allows malicious processes to be run remotely (RCE - Remote Code Execution). This information has not been confirmed for the time being, however we recommend not to run TF2 and CS:GO until the threat is resolved by Valve. Many fan projects have been suspended for similar reasons, including Creators.TF. We also advise you to follow reports on the use of data related to Source Engine (partially included in the source codes of both games), in such games as Left 4 Dead series and Garry's Mod.
Who is the source of this disastrous leak? The first reports indicated that it appeared on 4chan thanks to Tyler McVicker, who runs the popular ValveNewsNetwork channel. But apparently the case is more complicated, as explained by journalist Jaycie Erysdren on Twitter. According to her, the source of the leak was to be one of McVicker's friends from the Lever Softworks. The team is mainly involved in developing the canceled prequel of the Portal series, known as F-Stop.
However, just yesterday, the source was to be removed from the group for its "problematic behavior". (including racist and homophobic comments). Apparently in retaliation they decided to share the source code of Team Fortress 2 and Counter-Strike: Global Offensive. Where did they get it? Erysdren says the code came from a "mentally unstable individual", who, to harm Valve, sent the data to "many people" in May 2018. Tyler McVicker was not among them, but a few of his associates digged through both source codes in search of various curiosities. The account of Jaycie Erysdren was confirmed by Tyler McVicker himself. He also explained the circumstances of the case on Twitch, and is currently working with Valve's lawyers to remedy the situation.
Valve is no stranger to similar situations. More than 15 years ago, the company had to delay the release of Half-Life 2 after the game code was stolen. However, one could argue that the current situation is much worse. After all, a game before the release can be modified without the urgent awareness that someone can exploit such a leak to the detriment of buyers. A small consolation is the intriguing conversation from 2016 between McVicker and an alleged Valve employee, which appears in the leak. We learn from this conversation about Valve's plans to buy out Hideo Kojima (before the company's offer was outbidden by Sony) and the reasons why Valve was unlikely to invest in single-player titles at the time (in a nutshell: Dota 2 was supposed to earn more in one quarter than all single-player games in its first year combined). You can find the full content of the conversation on Pastebin.
Last update: 2020-04-22