Two years after receiving the original bug report, Valve finally fixes a dangerous Counter-Strike: Global Offensive exploit, which could allow hackers to steal users’ passwords. The company was allegedly preventing the report from going viral, but a couple of weeks ago, it’s been made publicly available.

The original report was compiled by floesen_, a member of the reverse-engineering group Secret Club, which is responsible for bringing the story up again. At the beginning of April, this group of researchers told the CS:GO community that a dangerous exploit, which was discovered two years ago, hasn’t been fixed by Valve. Basically, the vulnerability allowed malicious code to run via Steam invites, infecting players’ computers and stealing their personal data. Although only CS:GO was confirmed to effectively execute fraudulent commands, it was hypothetically possible to repeat with any other Source game.

Related: CS:GO Removes Bots From Competitive, Wingman Modes & Players Aren't Happy

After the information about the dangerous security vulnerability in CS:GO resurfaced two weeks ago, Valve promptly fixed the bug, officially allowing the author of the original report to make an announcement. According to a tweet by floesen_, the company directly contacted them telling them that the exploit had been dealt with. Additionally, the software engineer was given permission to disclose technical details regarding the now-fixed bug. After a few days of hard work, floesen_ has shared a dedicated report, which includes all the specific information. Those interested in a detailed breakdown of how the bug could lead to dangerous consequences utilizing Steam invites can learn the truth on The Secret Club’s website.

Quite recently, there’s been a scandal around a group of professional CS:GO athletes who were organizing fixed esports matches. Members of the group were involved in a criminal scheme, the ultimate goal of which was to make guaranteed profits on betting. It took joint efforts of the United States’ FBI and the Australian ESIC (Esports Integrity Commission) to take down the malefactors. The results of the investigation are yet to be disclosed publicly, which will probably lead to adopting stricter laws regulating gambling in video games and on the esports scene.

Perhaps, Valve indeed had its reasons to let a dangerous exploit exist in CS:GO for years, but the story teaches a valuable lesson. Regardless of the company’s intentions, it should be taken as an absolute certainty that informing the general public of a potentially harmful exploit is the right thing to do. It took Valve a few days to fix the vulnerability after members of the community made it publicly known. And that’s exactly what every true gamer should do in such a situation.

Next: Valve Sued For Price Gouging & Abusing Steam Market Dominance

Sources: floesen_, The Secret Club