CS:GO Exploit Allows Hackers to Steal Steam Passwords: How to Protect Yourself
- A critical exploit has been publicly revealed by 'The Secret Club' that affects all source engine games, CS:GO being the most vulnerable among them.
- The exploit can be triggered in various ways, the easiest of them being a simple Steam invite.
- Valve was allegedly notified about this critical exploit around 2 years ago but the issue has still not been patched.
News about a huge CS:GO exploit has surfaced recently which allows hackers to steal Steam passwords of users via a simple Steam invite. The information surrounding this exploit was allegedly brought to Valve’s attention 2 years ago, but the American video game developer seems to have not acknowledged this issue so far as the issue still exists today. So, finally on 10 April 2021, ‘The Secret Club’ who claims to be a “not-for-profit reverse-engineering group,” decided to reveal all the information they have about the exploit to the public while alleging that Valve prevented them from “publicly disclosing it”.
This CS:GO exploit can expose your Steam password
‘The Secret Club’ on 10 April revealed a lot of information about an exploit that directly affects all games based on the source engine. They had apparently found out about this exploit 2 years ago and had reported the same to Valve. Since then the information regarding the exploit was kept under wraps, so that Valve could acknowledge this issue and patch it.
Unfortunately, it seems that even after a 2 year period, Valve has simply ignored the issue because the exploit still works to this day and on top of that, the game developers were allegedly preventing ‘The Secret Club’ from publicly disclosing information surrounding this massive exploit.
How does this CS:GO exploit work?
This critical exploit is not limited to only CS:GO, it actually extends to “all source engine games” and it can be easily triggered through a Steam invite, be it for a game or an item trade. Once the user accepts a malicious game invite, the hacker can instantly use a “remote code execution flaw” and gain access to the user’s complete system, this includes local data on the system and running or closing any program.
However, this is not the only way this exploit can be used. An alternate method is for the hackers to host a community server or bug an existing custom map within the Steam Workshop. Upon joining the malicious community server or when running the custom map, once again ‘remote code executions’ will be sent to everyone on the server.
Then a pre-written script can be automatically executed to steal everyone’s passwords, skins, sensitive information on the system, and even infect the hard drives of targeted systems with virus or malware.
How to protect against this CS:GO exploit?
At the moment, the only way to protect against this exploit is to decline any steam invite as soon as you receive them or simply ignore them and just let them be. The ‘remote code execution’ will only trigger is the malicious Steam invite has been accepted, declining it will not give hackers any access to the system, and simply ignoring it is also a viable temporary solution.
As per a statement on the National Vulnerability Database (NVD), “Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.”
Incoming friend requests can be accepted, declined, or ignored, as deemed free by the users because the exploit can not be delivered via a ‘Steam Friend Request’. Also, temporarily uninstalling all the ‘Source Engine’ based games is another way to protect oneself from this critical exploit.
The above exploit is still possible as Valve has allegedly not resolved it since being reported around 2 years ago. This is a huge risk to all the users who owns even a single “source engine game” via Steam, installed on their systems. The CS:GO community seems to be the most vulnerable and have expressed their concern on the issue via social media.
But the biggest disappointment has been expressed towards Valve, who have apparently led the community down big time, by allegedly letting such a huge exploit remain unpatched for such a long time. Valve has also not officially commented on the matter yet, and for the time being, users should be wary when booting up CS:GO or any other source-based game.