Sold [PSA] Steam Profile Exploit - Profile Pages & Activity Feeds @ RISK

Discussion in 'Steam Games/Gifts for Sale - Buy & Sell' started by /u/bazzingabear, 2/8/17.

Thread Status:
Not open for further replies.
  1. /u/bazzingabear

    Update: This exploit has now been fixed; profiles are safe to visit now. Activity feed has been fixed as well.


    Quoting a moderator of #/Steam:

    Currently, there is a risk (i.e. phishing, malicious script execution, etc.) involved when viewing or simply opening PROFILE pages of other Steam users as well as your OWN activity feed (both desktop and mobile versions on all browsers). I would advise against viewing suspicious profiles until further notice and disable JavaScript in your browser options. Do NOT click suspicious (real) Steam profile links and Disable JavaScript on Browser. Appropriate information has been forwarded to Valve and this issue should be resolved soon, sorry for any inconvenience.


    Quoting another moderator of #/Steam:

    With the right know-how a malicious user could do these actions for example, and you only need to view a Steam Profile:


    • Redirect you to any non-steam page, for example a phishing login page. From a user perspective it is you going to a legitimate Steam profile, then you see a login page. Seems legit right? Pop in your info. You didn't click anything suss so it's no big deal.


    • Utilize scripting to use your Steam Market funds on any item the malicious user chooses, you wouldn't even need to confirm anything as you're on a valid login session.


    • Manipulate elements on the page as they see fit.

    PLEASE Ensure that you are triple-checking the website URL before doing anything with your sensitive information.

    Go into your Steam Settings and enable "Display Steam URL Address Bar When Available", and triple-check. Also try to avoid viewing profiles of anybody you're unfamiliar with.


    DO NOT DISCUSS OR EVEN HINT AT HOW THE EXPLOIT WORKS.

    DO NOT POST PROFILE LINKS HERE THAT YOU FIND SUSPICIOUS.

    If you notice any unexpected behavior, change your Steam password, enable mobile authentication (if you haven't already done so) and de-authorize all devices. You may also wish to scan your computer for malware.
