Steam users say that some profile pages were attempting to phish other people through malicious code.
Phishing refers to the act of using fraudulent log-in pages to trick people into giving away personal information. Usually this requires the user to click a link, but the reported phishing attempts on Steam instead involved profile pages being redirected automatically through the use of malicious code. This threat affected people using Steam on browsers, including the ingame Steam browser. A user on a Steam forum thread about the issue went into more detail.
Moderators on r/Steam have said they reproduced the steps it takes to injects your profile with such a code, and sent them to Valve. In the meantime, they urged users not to click on Steam profile links for now. Users should also make sure to double check URLs when doing anything involving your username, password or other sensitive information.
The mods at r/Steam say the issue has now been fixed, and have posted a thread detailing the method of the exploit.
We contacted Valve about the issue but they did not respond in time for publication.