If you’re still playing Team Fortress 2 or CS: GO, you might want to put it away for a while. Until then, it may be advisable for Steam users not to play the source code for Team Fortress 2 and CS: GO. It has been reported that hackers obtained the source code and created a Remote Code Execution (RCE) exploit for both games.
Although the problem has since been confirmed and corrected as a false alarm, the risks associated with an RCE attack warrant extreme caution, even if the account is not confirmed or the problems have been fixed and confirmed.
Regarding today's reported leak of code, specifically as it pertains to TF2: This also appears to be related to code depots released to partners in late 2017, and originally leaked in 2018.— Team Fortress 2 (@TeamFortress) April 23, 2020
The leak was not intended to compromise the security of the game, and the source code was recently leaked. Today, the licensees of Team Fortress 2 and CS: GO’s Source Engine were leaked. The code dates from 2017 – 2018, and the code was made available to them under their license agreement.
We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018. From this review, we have not found any reason for players to be alarmed or avoid the current builds.— CS:GO (@CSGO) April 22, 2020
Global Offensive went largely public on Wednesday, April 22, but Valve survived the leak well, with the most memorable leak being the release of the source code for Team Fortress 2 and CS: GO on April 20. The source code leaks that have surfaced online could potentially ruin the future of one of the most popular games in video game history.
Although it would not matter much to the average player, it would open up a way to circumvent security measures and expose and exploit the game to fraudsters
Dozens have taken to forums and social media to report the leak, which specifically calls for a possible remote code attack. In the leading TF2 subreddit, moderators have flagged claims of a new exploit or hack as “untested” to manage disinformation and trolling. There is nothing to confirm that such vulnerability has been found in any of the games running Source 2.0, so probably other games running Source are not at all at risk.
Users have also been assured that this is in no way a cause for concern or danger, and the security of Team Fortress 2 servers has also been ensured. Valve has since stepped in to fix the Team Fortress 2 leak in a series of tweets. In a statement posted on Twitter, the server was shut down and people were informed that the leaked code originally came from CS: GO and included the source code for the game’s multiplayer mode as well as a number of other features