Euro Truck Simulator developer Tomáš Duda has been hit with a 1-year ban from Steam after using a public community announcement to highlight a vulnerability in Steam. According to the developer, Steam suffers from a vulnerability in (at least) the community announcements that allows script code to be inserted along with the announcement. In an attempt to bring attention to the issue and force Valve to fix the bug, Duda injected a redirect script into his latest announcement that forwarded visitors to a video of the Harlem Shake.
The announcement and script trickery got a bit more attention than he had anticipated. Valve reacted swiftly by issuing him a 1-year ban from the service, although it’s unclear at this time if they plan on reconsidering the ban once the dust settles. You can check up on the status of the ban by visiting the Is Timmy Still Banned website that he’s set up.
Looking over the developer's Twitter feed, it seems pretty clear that he was set on making the vulnerability public. Security researchers often find themselves in similar situations in regard to public vs. private disclosure of bugs. One could argue that Duda should have waited longer for the fix after informing Valve of the vulnerability, but who knows how long Valve has actually known about the bug.