A reported source code leak from Valve’s Counter-Strike: Global Offensive and Team Fortress 2 went widely public on Wednesday, leading to serious concerns from players that those games would be vulnerable to cheats and exploits. The Team Fortress 2 community worried of more serious security risks, leading players to recommend that others not play the game at all online due to the risk of spreading viruses or malware.
Community creators shut down servers amid fear of remote code execution exploits, and moderators on the TF2 subreddit warned of possible vulnerabilities to players’ in-game items.
But Valve says the leaked code dates back to 2017 — and was previously leaked in 2018. The company also says it has “not found any reason for players to be alarmed or avoid the current builds” of games like CS:GO or Team Fortress 2.
Here’s Valve’s statement on the leak:
We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018. From this review, we have not found any reason for players to be alarmed or avoid the current builds (as always, playing on the official servers is recommended for greatest security). We will continue to investigate the situation and will update news outlets and players if we find anything to prove otherwise. In the meantime, if anyone has more information about the leak, the Valve security page describes how best to report that information.
According to tweets from Valve Archive curator Jaycie Erysdren, the CS:GO source code went public after a member of the Source Engine modding community — which is attempting to make playable some canceled Valve projects — allegedly leaked it. That source code was reportedly the basis for a number of discoveries about in-development Valve projects over the years.