There is a new exploit in CS2 that allows people to grab your IP, as well as remotely set Steam API keys to steal your items.
If you’ve seen people with links in their name or vote-casts with images/gifs embedded into them, you’ve likely been affected. (example images below)
Your next step is to revoke any API keys set here that you didn’t add yourself:
https://steamcommunity.com/dev/apikey
To see the severity of this exploit, please answer this poll:
If you played CS2 today and checked the link above, what did you discover?
- There was an API key set without my knowledge
- There were no API keys set without my knowledge
More info on the topic below:
CS2 Twitter feed:
https://twitter.com/search?q=cs2&src=typed_query
Twitch clip:
https://www.twitch.tv/piratesoftware/clip/ColdbloodedCredulousParrotRuleFive-0QOntk_5F5ka1WiI?filter=clips&range=7d&sort=time
Stay safe! 
2 Likes
oh hell nah thanks for the heads up
I wonder how Valve manages to let these things happen 
releasing this game was the biggest mistake. ^^
1 Like
I made a poll to see if it’s true that API keys can be set without people’s knowledge. Please take a second to answer it.
Looks like half the people who voted on the poll so far chose the option of their Steam API keys getting changed without their knowledge. Tell your friends and close ones to check their Steam API keys to be safe. Staying off the game right now is highly advised.
The only exploit that affects you in public games is embeded media/pictures and it’s patched for votekicks so it only affects you via game invites, turn on a vpn/name filtering and (cl_invites_only_friends 1) and you’re fine. The other shit is through custom maps.
What do you mean by “the other shit”?
Oh wow, didn’t even know about that! Thank you for the information.
