Source: https://steamcommunity.com/app/440/discussions/0/2270320616957466159/
What exactly happened ?
The source code for TF2 and CS:GO was apparently leaked to the public. For TF2, the codebase seems to be dated around the time of Jungle Inferno’s release.
UPDATE 2 : Team Fortress 2 source code may not have leaked after all according to the source below.
UPDATE 3 : TF2 source confirmed not leaked : what filtered is really just shared code with the CS:GO leak. See this public source.
UPDATE : Official word on the CS:GO side of things :
We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018. From this review, we have not found any reason for players to be alarmed or avoid the current builds.
Does Valve know about this yet ?
The news was forwarded internally, so they probably already know about it. If you have further informations, feel free to share.
UPDATE : They do, and have reviewed it. Source.
How will it impact TF2 ?
With the full source code release, it’s highly possible that cheat developers will use those to develop cheats and/or exploits based on unfixed glitches. I’d expect future updates to stamp it out fast, though.
Do note that for an exploit to impact you, it requires you to be playing on an online server and on the same one as an exploiter with an active exploit on hand : either of those conditions missing means you’re safe.
If you’re a coder, find out one of those exploits, can craft a PoC but decide to not exploit it for evil, head over to this link[hackerone.com] : you may get rewarded.
UPDATE 2 : According to the earlier source, TF2 may be confirmed not to be affected by the leak at all.
UPDATE 3 : TF2 confirmed not to be affected outside of potentially shared code being used for cheat development. As said earlier, even this will peter out with updates.
I have important informations about the leak !
Refer to this page for contacting Valve about security matters.
What games are safe to play ?
I really can’t make a 100% assumption on that one, but the rule of thumb is :
- Offline gaming, on your own LAN server, is 100% safe : you don’t connect to servers in the process and you can physically yell at the cheaters if you play with local friends. If there was an exploit there, that means Valve servers got hacked, and we have a much bigger problem.
- Singleplayer games are 100% safe, even on Source. They don’t connect to servers either. Updates are safe too.
- Other multiplayer Source games should be safe unless a RCE exploit found within the leaks can be transferred across games (for example, by shared source code), you’re connecting to a multiplayer server and the active exploiter with the active exploit joins your game. So far, I got nothing, but if one’s out, I’ll update the post.
- Needless to say, non-Source games are safe too.
How about the posts showcasing RCEs affecting TF2 clients ?
They were passed on for investigation.
UPDATE : There is a high chance they were fake.
Will having the game installed be risky ?
No. In the worst-case scenario, the only risk would be when connecting to an online server where an exploiter with an active exploit on hand is present.
Do you have any other information ?
None, I’m afraid. Either I genuinely don’t know, or I am not allowed to share it, which is functionally identical for you guys. If there’s news, I’ll add it to the FAQ.
I have another question
There’s not much more I can answer, but if the question is frequent enough and I get an official answer, I’ll add it.
F.A.Q. updated as of 23/4, may be updated without notice.
If you have updates, contact me directly through my profile comments : I’ll be probably be darting left and right across hubs.
