Jump to content
Sign in to follow this  

Private Steam Profiles Weren't So Private But Have Since Been Fixed

Marcus Estrada

Today ArsTechnica broke an interesting story about Steam profiles. Those who use the service are no doubt aware that profile pages can be set to private or friends only. Those who do so probably wish to not have their embarrassingly large gaming collections out in the open, or maybe wish to obscure how much they play games from associates. Regardless of the reasons why, private profiles are a nice feature but apparently they weren't as private as the name implied.


Until Valve was alerted to this opening in their security, it had been possible for anyone with a little know-how to check out every facet of someone's private profile. Simply looking at the source code of a profile page set to private/friends only would reveal a complete listing of that user's games under the array rrGames[]. There's nothing malicious about viewing a web page's code, which is why it's a bit surprising all the data was simply not hidden from view.


From there, it was only a matter of typing in various Steam URLs to see more information about the games played. Games that keep many statistics such as Left 4 Dead and Team Fortress 2 could be viewed as easily as checking your own. The same held true for other sections of Steam such as friends lists and badges.


None of this exposed passwords or anything of that sort, but it is still strange to realize all of this had been left out in the open. Valve certainly wasn't pleased. After ArsTechnica alerted them to this information it was quickly blocked off. Now private Steam profiles are fully private unless something else is discovered.

Sign in to follow this  

User Feedback

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now