According to a post on /r/Steam subreddit, a malicious exploit targets user information via profile links. On your activity feed, or on other people’s profiles, do not click Steam profile links to prevent from an act of information theft. To cut it short: Don’t monkey around with other Steam profiles, if you don’t want your Steam account to be stolen. Here is the full post by the moderator R3TR1X:
Currently, there is a risk (i.e. phishing, malicious script execution, etc.) involved when viewing or simply opening PROFILE pages of other steam users as well as your OWN activity feed (both desktop and mobile versions on all browsers). I would advise against viewing suspicious profiles until further notice and disable JavaScript in your browser options. Do NOT click suspicious (real) steam profile links and Disable JavaScript on Browser. Appropriate information has been forward to Valve and this issue should be resolved soon, sorry for any inconvenience.
If you are affected, the post further states; you should change your password, enable Mobile Authenticator (and deauthorize Steam Guard on all other systems), restart modem/change your IP and scan your PC for malwares.
You should also enable your Steam URL Address Bar from the Steam settings, and then check all the links when you browse Steam. Do not follow unfamiliar or weird links. Don’t look at the profiles of people you are unfamiliar of. Valve Security is working on a fix right now.
Stay safe!