Valve's Counter-Strike: Global Offensive regularly sits atop the list of most-played games on Steam, and though it's far eclipsed in player count, 2007's Team Fortress 2 regularly joins CS:GO in the top 10. Today, communities for both games as well as other multiplayer games and mods that run on the Source engine are nervous: A reported source code leak for TF2 and CS:GO created a panic about engine exploits and hacking. But in a new statement, Valve says there's currently no cause for concern.
"We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018," Valve's Doug Lombardi told USgamer over email. "From this review, we have not found any reason for players to be alarmed or avoid the current builds (as always, playing on the official servers is recommended for greatest security)."
Lombardi says Valve will investigate the situation further and provide updates to players if security concerns do emerge. Valve is also directing anyone with useful information about the leak to its security page for steps on how to report those details.
Hours prior to Valve's response, Creators.TF, a popular community hub for Team Fortress 2, announced it was shuttering its multiplayer servers "for the foreseeable future" out of concern for its infrastructure and the security of players in the light of the leak. Valve has issued numerous updates to both TF2 and CS:GO since 2017, including security and exploit patches (such as a recent fix for a rash of TF2 server-crashing bots).
In the meantime, communities for both Team Fortress and Counter-Strike are struggling with the fallout of the leaks. On the leading TF2 subreddit, moderators are tagging claims of new exploits and hacks as "unverified" in an attempt to manage disinformation and trolling. Dozens took to forums and social media to post warnings about the leaks that specifically called out the potential for remote code execution attacks, but there is nothing that confirms such vulnerabilities have been found in TF2, CS:GO, or any other game running on Source. Single-player games and games running on Source 2, such as Dota 2, are presumably not at any risk whatsoever.
Valve has weathered leaks throughout its history, the most memorable of them being the 2003 leak of Half-Life 2's source code. Axel Gembe, the man responsible for breaching Valve's servers to obtain the code, was arrested after admitting to the crime and sentenced to two years probation. Half-Life 2 went on to be a commercial and critical success regardless. If this new leak does somehow damage the security of one or more popular multiplayer titles, it could very well eclipse the Half-Life 2 leak in its infamy.