Steam users say that some profile pages were attempting to phish other people through malicious code.
Phishing refers to the act of using fraudulent log-in pages to trick people into giving away personal information. Usually this requires the user to click a link, but the reported phishing attempts on Steam instead involved profile pages being redirected automatically through the use of malicious code. This threat affected people using Steam on browsers, including the ingame Steam browser. A user on a Steam forum thread about the issue went into more detail.
Moderators on r/Steam have said they reproduced the steps it takes to injects your profile with such a code, and sent them to Valve. In the meantime, they urged users not to click on Steam profile links for now. Users should also make sure to double check URLs when doing anything involving your username, password or other sensitive information.
The mods at r/Steam say the issue has now been fixed, and have posted a thread detailing the method of the exploit.
We contacted Valve about the issue but they did not respond in time for publication.
Comments
4 responses to “Users Say The Latest Steam Scam Is Profiles With ‘Malicious Code’”
Joke’s on the hackers, I have no friends on Steam.
known that for about 1-2 years now
Always check the URL for https://
The ‘s’ after ‘http’ stands for secure
All the S does is indicate that the data travelling between your PC and the host is encrypted, which will only stop your data from being intercepted on route. If the host happens to be accessed via a link that you have either intentially or unintentially clicked on leading to a spoof website made up to look like the one you are expecting, and then there you enter your Steam username and password, the S in your hyperlink will do absolutely bupkis to protect you.