[PSA]Here we go again, don't open random steam profiles - FIXED

Open

https://www.reddit.com/r/Steam/comments/5skfg4/warning_regarding_a_steam_profile_related_exploit/

Wow, another exploit, how unexpected

Currently, there is a risk (i.e. phishing, malicious script execution, etc.) involved when viewing or simply opening PROFILE pages of other steam users (both desktop and mobile versions). I would advise against viewing suspicious profiles until further notice and disable JavaScript in your browser options. Do NOT click suspicious (real) steam profile links and Disable JavaScript on Browser. Appropriate information has been forward to Valve and this issue should be resolved soon, sorry for any inconvenience.
Anyone (with knowledge of the exploit) who uses or abuses it FOR ANY REASON will RISK RECEIVING A COMMUNITY BAN. If you find any such profile that you can't report (as in literally cannot use the report button), please PM them to me.
Keep in mind that any discussion on any exploit method is NOT allowed here and will result in a ban without warning. This post is intentionally vague, and will be kept that way due to the nature of this exploit.
And to make it VERY clear: do NOT post profile links on this sub (temporarily), do NOT post proof of concepts (we have the repro steps and passed them on), do NOT post anything relevant that might provide information on how to do this exploit (incl. youtube links). This post is your warning.
TO THOSE POSSIBLY AFFECTED:
Change your Steam Account password, enable Mobile Authenticator if it's not on already (otherwise deauthorize Steam Guard on all systems from settings) then restart your router/change IP. You might want to also consider scanning your system with a malware scanner/anti-virus.

TL;DR

Currently, there is a risk (i.e. phishing, malicious script execution, etc.) involved when viewing or simply opening PROFILE pages of other steam users as well as your OWN ACTIVITY FEED (both desktop and mobile versions on all browsers).

update:

Valve have disabled Guide Showcases which means noone else can attempt this exploit. Now we just wait for them to clean up the profiles that have already abused this.

update 2:

Steam Profiles are safe to visit now.

Activity Feed might still be affected

update 3:

Fixed

7 years ago*

Comment has been collapsed.

131 Comments

boanoitevermes

what about autoplaying stuff? I open my activity feed and it starts to play some crap music. probably just stuff someone in my feed posted, but there wasn't any autoplaying before, yes?

7 years ago

Permalink

Comment has been collapsed.

PraiseRhllor

I use it daily and I've never seen autoplay in activity feed tbh

7 years ago

Permalink

Comment has been collapsed.

boanoitevermes

yep, same here. that's why I asked.

7 years ago

Permalink

Comment has been collapsed.

boanoitevermes

ok, just realized someone in my feed somehow managed to set music to his profile. now everytime I open the damn feed it starts playing. AND he got a suspension from Valve because of this.

7 years ago

Permalink

Comment has been collapsed.

Tristar