Valve confirms code leak for two online games, offers assurances for one of them

A major source code leak for Valve's biggest competitive PC multiplayer games—Counter-Strike: Global Offensive and Team Fortress 2—began making the rounds late Tuesday. Amid worries that this code leak for active, online games would lead to hackers finding exploits and developing remote code executions (RCEs), Valve issued a statement on Wednesday that such worries were moot.

There's a catch, however. In an emailed statement to Ars Technica about the nature of the leak, Valve only offered a statement about CS:GO:

    We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018. From this review, we have not found any reason for players to be alarmed or avoid the current builds (as always, playing on the official servers is recommended for greatest security). We will continue to investigate the situation and will update news outlets and players if we find anything to prove otherwise. In the meantime, if anyone has more information about the leak, the Valve security page (https://www.valvesoftware.com/en/security) describes how best to report that information.

(To clarify: Valve's Source Engine emerged in 2004 as the framework for a different version of Counter-Strike. Before Valve launched any games with that engine, its source code leaked. This week's news is about an entirely different leak, which Valve claims first took place in 2018.)