Security

CS:GO and TF2 Source Code Leaks on 4chan as Valve Says There’s no Danger

Written by Bill Toulas
Last updated September 23, 2021

Someone has posted the source code of Team Fortress 2 and Counter-Strike: GO on 4chan, the controversial imageboard website that keeps its users anonymous. From there, users grabbed the code and proceeded to share it on Reddit, Twitter, torrent sites, gaming forums, etc. Immediately, panic hit the vast player base of the two Valve titles, as people felt that anyone could now discover and exploit vulnerabilities in the games. That would lead to the dropping of malware on the players’ systems, RCE attacks, and various other malicious scenarios.

Upon investigating the leak, Valve figured that the code is dated, and concerns code depots shared with partners three years ago. The same files also leaked in 2018, so Valve was aware of their availability online. As the video game developer and publisher states, there is no reason for players to feel that they are in danger when launching CS:GO or TF2. The video games company will continue to investigate and monitor incoming reports on the Valve security page. Still, from what seems to be the case, digging in that three-years-old source code does not reveal any flaws, at least nothing that is still present on the current builds.

Multiplayer games that launch through Steam cannot stagnate at an older stage for long. Players are forced to update sooner or later, as everyone needs to be running the latest available client version since otherwise, they cannot access the multiplayer lobbies. That said, the only thing you should be doing is ensuring that you are playing on official servers. No legit exploits have been published anywhere, there is no evidence that there’s a way to exploit any vulnerabilities, so there’s no tangible or realistic reason to worry about right now.

source_code

Source: 4chan

As for the person who leaked this online, Valve’s legal department will have some work to do on that part. Some are pointing to Tyler McVicker (Valve News Network), who denied having leaked the code and also claimed to know who did it. Others look at Discord groups “Cephalon” and “YSU Calc II,” where parts of the leak appeared two years ago. And finally, some accuse Valve employees of being responsible for the initial exposure, stating that they have received VSS images (backup volumes) from them in the past.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: