UPDATE: The official Twitter account for Counter-Strike: Global Offensive has issued a statement regarding the recent source code leaks. The tweet says that after reviewing available information, there’s no cause for alarm or any need to avoid the current build of CS:GO. Still, it would be wise to stick to official matchmaking servers for “greatest security.”
We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018. From this review, we have not found any reason for players to be alarmed or avoid the current builds.
— CS:GO (@CSGO) April 22, 2020
ORIGINAL STORY: Bad news looms over the head of Team Fortress 2 and Counter-Strike: Global Offensive players. Both games recently had their source code leaked, and the internet is abuzz with rumors of new hacks, exploits, and security concerns. Most worrying of all, the leak has revealed the risk of remote code execution in Team Fortress 2.
The source code leak is based around older builds of the games, right around the release of CS:GO‘s Operation Hydra in 2017. The code was apparently provided to a valid Source Engine licensee, but was then allegedly leaked by a third party following a personal dispute.
It wasn’t long before Tyler McVicker, who runs the Valve News Network channel on YouTube, was caught in the mix. Screenshots of Discord conversations entered circulation, wherein McVicker denied leaking the code. McVicker has since provided more information, including retweeting a Twitter thread detailing how a former Lever Softworks associate leaked the code as a sort of retribution.
The explanation of every leak from today, April 22 2020.
The reason that this leak happened is because one of Tyler's longtime associates was recently removed from Lever Softworks due to problematic behavior including racism, homophobia and transphobia. (1/14)
— Jaycie λ (@JaycieErysdren) April 22, 2020
Needless to say, the source code leak spread quickly. Twitter user and Steamworks developer 2Eggs provided many details about the leak, saying it could potentially lead to game-breaking exploits. Not long afterward, 2Eggs mentioned a new Team Fortress 2 exploit that opened the door for remote code execution, or RCE.
Remote code execution is a major concern, since it allows a hacker to run a code on a player’s machine. They can run in-game hacks, typically to cause an instant game ban, or display hateful messages on-screen. Through remote code execution, it’s even possible to open outside programs, such as opening a command prompt as seen in the tweet below.
For now, users should avoid running Team Fortress 2. Given that TF2 and CS:GO are based around the same engine, it’s possible that RCE exploits could affect Counter-Strike: Global Offensive as well. The possibility of an instant game ban is worrying enough, but RCE could lead to more much more serious problems that may potentially render a PC inoperable.
Valve has yet to provide a statement concerning the TF2 and CS:GO source code leaks. Many fans are hoping the situation encourages the company to push Source 2 into the games, effectively rendering the old code useless in the development of further exploits. Until then, the general consensus is that running either game is considered risky at best or dangerous at worst.