It seems a recent scam game has exposed a vulnerability in Steam’s security measures.
A few days ago, security researcher and YouTuber Eric Parker revealed that a Steam game called Beyond The Dark was stealing user data. Eric shows himself running the game, and displays when and how it takes user data without permissions. Eric also demonstrated that an app will open, but it won’t actually let you create or join a multiplayer session if you try it.
As reported by MP1st, the developers figured out that Valve doesn’t check games after they are first published for security issues. So they actually launched a game called Rodent Race in 2024, switched it around to a new game called Beyond The Dark, and made the game free on Steam.
Valve did move to delist the game immediately, but this raises questions about their security measures. Have other Steam games already taken advantage to steal player data before this one was caught? Is SteamOS also vulnerable?
Valve needs to do more here to reassure users that Steam is safe.
