User profiles on Steam can be exploited for purchases and phishing

Photo: Valve

Gaming platform Steam is affected by a large-scale vulnerability. When someone visits a Steam user's profile, processes can be carried out secretly in the background.

Reddit users discovered this. Valve, the operator of Steam, has reportedly been notified of the vulnerability by now, but has not yet officially responded.

A user can set up their Steam profile so that specific JavaScript code is present in the background. This code is executed automatically as soon as a victim visits the profile.

The code can be exploited for phishing, for example, by automatically sending a user to a malicious login page. Any user information entered there is then sent to the attacker.


It would also be possible to spend money from the victim's Steam Market wallet from within the game store. The victim would not be informed at any point. Because the Market uses money that the user holds in a separate wallet, no confirmation button needs to be pressed.

According to the discoverers, pages within a Steam profile can be fully customized, leaving cybercriminals free to put together and display pages of their own within the Steam browser.

Address bar

A web developer advises Steam visitors to turn on the address bar in the game store's options. The link of a visited page is then displayed, which could show whether it is a phishing page.

Users would only be able to work around the discovered vulnerability by temporarily not visiting user profiles within Steam.
