A group of white hat hackers known as the Secret Club recently took to Twitter to point out what seems to be a critical security flaw, found within Source 3D, the game engine of Valve’s popular Counter-Strike: Global Offensive (CS:GO).
According to the group, the bug can be exploited by less-than-savoury hackers to trick gamers who play the game, by sending them a fake Steam invite. Upon accepting the invite, the hackers can then proceed to take over a user’s PC or laptop, effectively locking them out of their machine.
While the existence of the bug is troubling, it isn’t the most alarming aspect of it. Secret Club says that the exploit was reported by one of its members, Florian, back in 2019. Florian said that they had reported the bug to Valve via HackerOne, a bug bounty platform used by the studio that owns Steam. Florian was paid the bounty for its discovery but as per the report, the bug is still there. And it seems that little or next-to-nothing has been done about it.
To that end, the Secret Club accuses Valve of ignoring the problem outright, even after a more recent report this month was filed once more. At the time of writing, Valve still has not commented on the matter.