Valve solves an XSS Exploit problem in eight hours, within Steam that could redirect to fake third-party pages with the intention of robbing users of their credit cards.
The Valve company has quickly solved an XSS Exploit regarding Steam profiles, which would have allowed certain attackers to redirect users to different web pages, who have been fraudulently using Steam funds and logos or changing pages. at will, adding elements that shouldn't be there. This problem has been revealed on Reddit, about eight hours ago by user R3TR1X.
According to reports, Valve would not have responded to any of the tickets generated to obtain information about this problem, but would have fixed it. R3TR1X would have opened another thread referring to this section, reporting that the problem would have been solved after eight hours, since this security flaw was made public. In Reddit, more information about the problem would also have been given.
Valve, by its volume, is a photo for all kinds of attacks, such as phishing. The service allows the association of credit cards and this is an ideal photo for fans of the alien 2.0. You have to be very careful with phishing, since not only Steam receives attacks of this type, growing platforms such as Netflix can also suffer this type of attack, in order to obtain users' credit cards.
It should be noted that Valve is not the first time it has faced problems with XSS Exploits. There are precedents in 2011, 2014 and 2016. The problem is so recurrent, that the managers of SteamBD, which has no direct relationship with Valve or Steam, but offers information about the service, added a plugin in 2015 to notify people quickly any problem with exploits.
It is important that the Steam security team act as quickly to keep user data as safe as possible. It should be noted that anyone who finds a security problem can contact the company and thus solve the error. We must highlight the fast speed and Valve in this performance.
Source: TomsHardware