Counter-Strike 2 players advised not to play amid “huge” CS2 security exploit

Counter-Strike 2 (CS2) players are being urgently advised to avoid the game due to a significant security exploit.

The “huge” security exploit has rapidly gained attention on social media, particularly Twitter, and poses a serious risk to players’ online safety.

Furi, a prominent figure in the CS2 community, highlighted the gravity of the situation in a recent video. “If you’re in CS right now, you might want to exit the game,” he warned, explaining that the exploit allows attackers to access the IP addresses of everyone in a server.

This vulnerability stems from a flaw in how Steam names are handled within CS2, enabling the display of altered visual content through simple HTML code.

Put simply, don't play CS2 until Valve fixes this. It's not the kind of fire you want to play with.

— Pirate Software (@PirateSoftware) December 11, 2023

The exploit’s severity was further underscored by PirateSoftware, a security expert. With over 20 years of hacking experience, he advised, “Do not play CS right now. You are 100% vulnerable to this until they fix it.”

He described the exploit as “incredibly easy to pull off” and “script kitty level easy,” emphasizing the urgent need for a fix.

Furi also expressed frustration over the timing of this exploit, noting the upcoming Regional Major Rankings (RMRs) for the next major CS2 tournament. “This game was supposed to be ready months ago, but here we are having a ton of issues,” he lamented.

HUGE SECURITY EXPLOIT IN CS2 RIGHT NOW⚠️

This image has been going around reddit for the last few hours (very explicit, blurred for obvious reasons). People were saying it's fake, but it isn't.

Apparently, there is a security exploit with Steam names inside CS2, which allows… pic.twitter.com/lcQqsAB5Ba

— Ozzny (@Ozzny_CS2) December 11, 2023

The community’s response has been one of concern and caution. Ozzny, another CS2 content creator, raised concerns in a tweet, warning about the exploit and its potential to manipulate in-game visuals and access player IPs.

He also raised concerns about the possibility of more severe attacks, such as running unauthorized code or accessing Steam accounts, though these remain speculative.

As the CS2 community waits for a resolution, Furi’s advice resonates: “Do not enter the game right now until it’s fixed.” He suggests keeping an eye on official CS2 and related Twitter accounts for updates.

In the meantime, it seems the safest strategy for CS2 enthusiasts is to take a break and wait for the all-clear. After all, it’s better to miss a few matches than to risk your online security.