Valve introduces stronger Steam security after attack on developer accounts added malware to games

by Danny Craig  · 
Valve introduces stronger Steam security after attack on developer accounts added malware to games
Valve

Following a hack that resulted in games being updated to include malware, Valve has announced that developers will now be required to enable SMS verification.

The details:

  • As reported by PC Gamer, attackers recently gained access to game developers' Steam accounts, causing their games to be updated to new builds that included malware. According to one developer, Benoît Freslon, the hackers were able to gain control of his browser tokens, allowing them to access the account he was logged into. It appears that less than 100 users had the games installed at the time of the attacks, and all of them have been notified directly by Valve via email.
  • Even though the attack caused little damage, Valve is now requiring mobile phone numbers to be added to all Steamworks accounts. When a developer wants to push out a new build of the game, they must enter a verification code sent via text message, which prevents attackers from easily making changes. "For any released app, if you want to update a build to the default branch, Steam will text you a confirmation code," Valve explained. "You will need to enter this code to set the default branch. Note that you will not need a code if your app is not yet released, or if you are updating a beta branch.”
  • The requirement will go into effect on October 24, with Valve recommending that developers add their mobile numbers in advance, with the company planning to implement the requirement for "other Steamworks actions" in the future. Along with email verification, the code will now be required when adding a new user to a Steamworks group.

More gaming news:

Latest News