Business

Valve adds new security check after attackers compromise Steam accounts of multiple game devs and update their games with malware-

The Steam accounts of multiple game developers were recently compromised and used to update their games with malware. Fewer than 100 Steam users had the games installed when the malware was added, and they’ve been directly notified of the risk by email, according to Valve. The company confirmed details of the story, reported earlier this week by GameDiscoverCo newsletter founder Simon Carless, in an email to PC Gamer today.

Although this attempt to use Steam to distribute malware wasn’t very effective, Valve has taken a major step to prevent it from happening again. Starting October 24, game developers will be required to pass a two-factor authentication check before updating the default branch of a released game—the version that Steam will automatically deliver in an automatic update to most players who have it installed.

An SMS text message will be the only way to receive the two-factor code, so Steam partners must register a mobile phone number to be used any time they want to update their game’s main release version. To developers who don’t have a phone, Valve’s post about the change says “sorry,” but they’ll “need a phone or some way to get text messages” if they want to continue updating their games.

Valve tells PC Gamer that this “extra friction” for partners is a “necessary tradeoff for keeping Steam users safe and developers aware of any potential compromise to their account.” This recent incident hasn’t been the only attempt to gain illegitimate access to Steam partner accounts: Valve says it has seen “an uptick in sophisticated attacks” targeting the accounts of devs who release games on Steam.

Steam partners will also need to use SMS verification to add new users to their group, and Valve says that it plans to add the two-factor security check to other Steam backend actions in the future.

One of the games temporarily compromised was NanoWar: Cells VS Virus, whose developer, Benoît Freslon, said on X that he was himself the victim of malware which stole his browser access tokens, giving the attackers temporary access to any web service he was logged into at the time. “I just used my dev account to release the game few hours before the hack I suppose,” he said.

Related Posts

Oil set for third weekly decline as Middle East conflict concerns ebb

Oil prices were little changed on Friday after rising in the previous session but are set to fall for a third week as concerns of supply disruptions from…

Rashi Peripherals raises Rs 150 crore in pre-IPO round

Rashi Peripherals, an information and communications technology products distributor, has mobilised Rs 150 crore from institutional investors in a pre-IPO (initial public offer) funding round.The round saw participation…

Sebi raises basic demat account limit to Rs 10 lakh

In a bid to boost the participation of retail investors in the securities market, the Securities and Exchange Board of India (Sebi) has revised the framework for basic…

Jubilant Foodworks under pressure; Should you buy, hold or sell the stock-

The share price of Jubilant Foodworks, which operates Domino’s restaurants in India tanked 6.39% to Rs 495.25, a day after the company posted second-quarter profit at Rs 97.20…

The DualSense Edge Comes Bundled With A Great Free Game Right Now

The DualSense Edge is a stellar controller for those looking for a premium feel and customization features. Offering tunable triggers, swappable sticks, mappable back buttons, and a premium…

Thieves Allegedly Stole A Truck Packed With $1.5 Million in Oculus Headsets

Six men have been indicted for allegedly stealing a number of trucks, including one packed with $1.5 million in Oculus headsets, 404 Media reports. According to court documents,…