Steam users, take heed, as a recent security breach has allowed hackers to introduce malware into the gaming platform.
In a concerning turn of events, multiple game developers have fallen victim to unauthorized access to their Valve accounts. These attackers exploited the compromised accounts to tamper with the games they were distributing on Steam, inserting malicious code into the titles.
Valve, the company behind Steam, has officially acknowledged these incidents and has reached out to impacted users via email. Moreover, the company has taken swift action to ensure the prevention of similar breaches in the future.
Valve’s new security measure, set to be effective by the end of October 2023, requires developers to undergo two-factor authentication (2FA) before they are permitted to deliver game updates to players. Notably, the sole method for passing 2FA will be through SMS, which does introduce the potential vulnerability of SIM swapping. Steam partners will soon be mandated to register a phone number with the platform; those who opt not to comply will have no other way to update their games.
Valve has stated that this “extra friction” is a necessary compromise to safeguard Steam users and to keep developers informed of any potential breaches of their accounts, as per their communication with PC Gamer.
This heightened security protocol may seem extensive, but it is a response to the rising number of sophisticated attacks targeting developer accounts on Steam. The platform has witnessed an increase in such cyber threats.
One developer who experienced an account breach, Benoît Freslon, revealed on Twitter that malware had pilfered his browser access tokens. This allowed the attackers temporary access to his Steam account, which he used to host his game, NanoWar: Cells VS Virus.
In light of these security breaches, Valve is taking a proactive stance to enhance the safety of its platform and protect both gamers and developers from cybercriminal activities.
