Valve reassures gamers after CS:GO and Team Fortress 2 source code leak

The source code of Valve's Team Fortress 2 and Counter-Strike: Global Offensive games was leaked today and published on the Internet for anyone to download.

The initial report made by Steam Database on Twitter says that the leaked source code is dated 2017/2018. Per the same report, Valve previously made available the TF2 and CS:GO source code to Source engine licensees.

After being accused of being the one behind the leak, Valve News Network founder Tyler McVicker claimed during a live Q&A on Twitch that a person he knows is responsible and that the source code was leaked in a 4Chan thread.

"The Code that has leaked today originally leaked back in late 2018, which I was aware of, and contacted Valve to warn them about," he said on Twitter.

However, according to McVicker, another person is behind today's leak, a former member of the Lever Softworks Source Engine Modding community.

Source code for both CS:GO and TF2 dated 2017/2018 that was made available to Source engine licencees was leaked to the public today. pic.twitter.com/qWEQGbq9Y6

— Steam Database (@SteamDB) April 22, 2020

Valve asks gamers to play on official servers

Valve confirmed the leak in an official statement sent to BleepingComputer and is asking gamers to keep playing as there is no reason to be alarmed.

"We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018," a Valve spokesperson told BleepingComputer.

"From this review, we have not found any reason for players to be alarmed or avoid the current builds (as always, playing on the official servers is recommended for greatest security).

"We will continue to investigate the situation and will update news outlets and players if we find anything to prove otherwise. In the meantime, if anyone has more information about the leak, the Valve security page describes how best to report that information."

Increased chance of new exploits and cheats being developed

Meanwhile, the repercussions of this leak are not yet known, with gaming communities having shut down and players being afraid to play the two games.

Some of the gaming community have already recommended their members to avoid playing TF2 until Valve's official statement fearing remote code execution exploits already having been developed to target players.

At the moment there is no proof of an RCE exploit for TF2 and some say that these rumors are most probably "fearmongering by a cheat developer."

However, with the source code at their disposal (as old as it is), hackers and cheat developers now certainly have a lot more tools in their quest to create exploits and cheats that could make playing the two games a dangerous and annoying endeavor.

Valve game security issues and leaks

These wouldn't be the first Valve games exploited by attackers to infect players with malware through security flaws found in the game client.

Last year, Dr. Web researchers discovered 39% of all existing Counter-Strike 1.6 game servers were being used by malicious actors in attempts to infect players with the Belonard Trojan botnet by exploiting game client vulnerabilities.

"According to our analysts, out of some 5,000 servers available from the official Steam client, 1,951 were created by the Belonard Trojan," the researchers said. "This is 39% of all game servers."

Also, this wouldn't be the first time a Valve game's source code got leaked as  Half-Life 2's source code was posted online in 2003.

HL2's source got stolen after the email of Valve's co-founder Gabe Newell got hacked and the entire HL-2 source tree was downloader from his computer.

Comments are closed.