Players got to take care when deciding to play or not.
The ASCII text file for CS:GO and Team Fortress 2 leaked earlier today on 4chan. This has caused many of us to recommend that players should avoid playing either game since it could put them in peril of exploitation.
Since the source files are now available, many hackers will likely be messing with the web servers, which successively could impact many players who access either game’s online modes.
The ASCII text file in question is from 2017-18, which was previously made available to Source engine licensees to use. But albeit the code is from an older model, the files inside could lead to advanced exploits being developed for both titles.
Valve has yet to discuss the leak, but multiple community-run servers for TF2, like Creators.TF and Puka Inti, have announced that they’ll be shutting down all operations until something is completed to counter potential exploitation. Reddit moderators on r/tf2 and r/counterstrike are recommending that players completely avoid playing either game, a minimum of until Valve responds.
These measures are being pushed to undertake to stay players safe from any Remote Code Execute (RCE), which has been utilized in the past to push viruses, activate aimbot for any player, or delete inventory items through the servers.
“Basically you're significantly more vulnerable in multiplayer matches,” an r/tf2 moderator said. “It is certainly possible that somebody could install an epidemic on your machine by just being within the same server. Your items and steam profile could even be targeted. For your own safety, we might advise that you simply hold off playing until this problem has been resolved. I don't skill long which will be but we'll keep you posted.”
https://twitter.com/nikkehtine/status/1253008470657335296
Until a political statement is formed by Valve, it’s recommended that CS:GO and TF2 players avoid playing online or booting up the sport entirely, if possible. There haven’t been any confirmed RCE attempts yet, but it’s better to proceed with caution.
Update April 22, 4:45pm CT: Valve posted an update from the official CS:GO Twitter account about the leaked ASCII text file, saying that it hasn’t found “any reason for players to be alarmed or avoid the present builds.”
“We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018,” Valve said. “As always, playing on the official servers is suggested for greatest security. we'll still investigate things and can update news outlets and players if we discover anything to prove otherwise. within the meantime, if anyone has more information about the leak, the Valve security page describes how best to report that information.”