In the world of online gaming, a storm has swept through the realm of Steam game developers, leaving their accounts vulnerable to malicious attacks. As news of this breach spread, Valve, the company behind Steam, swiftly took action to fortify their defenses.
With new security measures in place, game developers will now face a two-factor authentication check before updating their games.
This article delves into the recent compromise, the affected game, and the steps taken to safeguard the integrity of the Steam platform.
Steam Account Compromises
Steam account compromises have become a recurring issue for game developers. Recently, multiple game developers’ Steam accounts were compromised, and attackers used these accounts to update games with malware. Fortunately, the number of affected users was relatively low, with less than 100 Steam users having the infected games installed.
Valve, the company behind Steam, promptly notified the affected users of the risk via email, confirming the incident reported by GameDiscoverCo newsletter founder Simon Carless.
Compromised Game: NanoWar: Cells VS Virus
During the recent series of Steam account compromises, one of the games affected was NanoWar: Cells VS Virus, highlighting the vulnerability of developer accounts.
The developer of the game, Benoît Freslon, fell victim to malware that stole his browser access tokens, allowing the attackers temporary access to any web service Freslon was logged into.
Freslon suspects that his developer account was used to release the game shortly before the hack.
This incident emphasizes the importance of implementing stronger security measures to protect the accounts of game developers.
Prevention Measures Implemented by Valve
Valve has recently implemented new security measures to prevent future attacks on game developers’ accounts.
Starting October 24, game developers will be required to pass a two-factor authentication check before updating the default branch of a released game.
The only method to receive the two-factor code will be through SMS text messages. Steam partners will need to register a mobile phone number to receive game updates. However, developers without a phone will need to find an alternative way to receive text messages.
This additional security measure aims to enhance user and developer safety, as Valve has observed an increase in sophisticated attacks targeting developer accounts.
Increased Security Measures for Steam Partners
To enhance the security of Steam partners, additional measures have been implemented to protect against unauthorized access to developer accounts. Valve, the company behind Steam, acknowledges the increasing sophistication of attacks targeting developer accounts.
As a result, Steam partners will now be required to undergo the SMS verification through a two-factor authentication check when updating the default branch of a released game. This means that developers must register a mobile phone number to receive the two-factor code via SMS.
While Valve recognizes that this may introduce some friction for partners, they consider it necessary for the safety of both users and developers.
Valve plans to extend the two-factor security check to other Steam backend actions in the future.
The new two-factor authentication check for updating released games aims to prevent future attacks and ensure the safety of both users and developers.