Source code for Counter-Strike: Global Offensive and Team Fortress 2 has leaked, and fans of both games worry about the potential for cheating, malware, and other unwanted exploits.
Valve, the games’ developer and publisher, confirmed in an email to WIRED on Wednesday that the Counter-Strike: Global Offensive leak is legitimate, and includes code from a 2017 build of the game. WIRED has also learned that the Team Fortress 2 code is from a circa 2011 build and was contained within the Counter-Strike: Global Offensive code. While a representative for Valve told WIRED that they have not found “any reason for players to be alarmed or avoid the current builds,” they are continuing to investigate the situation. The company also posted a statement to its Twitter account.
Shooter Counter-Strike: Global Offensive is among the most popular videogames around, with over one million people logging in every day to play, and boasts a hugely popular esports scene. Shooter Team Fortress 2 has waned in popularity since its widely-lauded 2007 release, but still sees tens of thousands of players daily. Players fear that this week’s leak may threaten the competitive environments of these games; cheat-makers and malware developers rely on games’ source code to identify exploits and design software that modifies the gaming experience.
For that reason, access to source code is highly controlled, and would usually be limited to people like source engine licensees, Valve employees and contractors. But Tyler McVicker, who runs the ValveNewsNetwork YouTube channel, says that a small group of people who develop Valve fan games had unauthorized access to the code since 2018, although they attempted to contain it from leaking further. (Valve confirmed that the Counter-Strike: Global Offensive code originally leaked in 2018). On Tuesday, one member of that community released the code more widely in retribution for being removed from a Discord group, says McVicker and another member of the Discord group.
“I woke up to armageddon occurring in the Valve community,” McVicker says.
Team Fortress 2 players in particular are concerned about the leak’s impact on the game, which receives irregular updates and already contains exploits. (Counter-Strike: Global Offensive is updated regularly.) Individuals running community servers are taking those servers offline “because of the uncertainty surrounding security of our infrastructure,” wrote community server organization Creators.TF in a blog. A moderator of Team Fortress 2’s subreddit and Discord group says community leaders are “urging caution,” citing concerns over potential security vulnerabilities that could impact players.
Although Valve is assuring fans that there’s no reason to freak out, a representative said the company always recommends playing its games on its official servers, rather than fan servers, for greatest security.
Updated 4-22-20, 7 pm EDT: This story was updated to clarify Valve’s confirmation.
More Great WIRED Stories