Steam phishing exploit fixed by Valve
Update: Valve have now fixed this exploit, so you're free to browse Steam until your little heart is content.
Basically, the exploit happened because a section of the 'My Guides Showcase' recognised scripts placed in the title section, opening it up to abuse. There are more details over on Reddit.
This isn't the first time something like this has happened, as you can see in the video above. Tomáš Duda, a developer working for SCS Software, uncovered an exploit in 2014, and his reports to Valve allegedly went unanswered.
He decided to show them by putting a bit of harmless code in there, making Steam do the Harlem Shake. It's funny, but it did get him a year ban.
RELATED LINKS:
37 CS:GO coaches have been banned for using a spectator bug
CS:GO console commands, launch options, and configs
ESL announces CS:GO 2021 events calendar, big Pro Tour format changes, more