Steam users say that some profile pages are attempting to phish other people through malicious code.
[Update 12:09-The mods at r/Steam say the issue has been fixed, and have posted a thread detailing the method of the exploit.]
Phishing refers to the act of using fraudulent log-in pages to trick people into giving away personal information. Usually this requires the user to click a link, but the reported phishing attempts on Steam instead involve profile pages being redirected automatically through the use of malicious code. At the moment, this threat affects people using Steam on browsers, including the ingame Steam browser. A user on a Steam forum thread about the issue went into more detail.
Moderators on r/Steam have said they’ve reproduced the steps it takes to injects your profile with such a code, and have sent them to Valve. In the meantime, they are urging users not to click on Steam profile links for now. Users should also make sure to double check URLs when doing anything involving your username, password or other sensitive information.
We contacted Valve about the issue but they did not respond in time for publication.