Valve to Add New Feature to Protect Steam Users
Valve, the renowned gaming platform, is taking decisive action to safeguard its users and developers following a recent security breach in which hackers tampered with some games on Steam, embedding them with malicious software. While the number of affected users was relatively small, totaling fewer than a hundred, Valve is implementing a new layer of security. Going forward, all developers seeking to update their games on the Steam platform will be required to undergo SMS verification.
The initial report of this development came from Simon Carless, the founder of GameDiscoverCo newsletter, who shared the news on Twitter. Valve subsequently confirmed the specifics of this initiative in an email to PC Gamer. Valve explained that they have already reached out to all the impacted Steam users through email. Among those affected was developer Benoît Freslon, who shared his experience on Twitter, revealing that his game, NanoWar: Cells VS Virus, fell victim to the attack, which resulted in the theft of his browser’s access tokens.
Valve’s official blog post provided comprehensive details regarding the two-factor verification policy and its implementation. To update their game on Steam’s default branch, which triggers an automatic update for the majority of users, developers will be required to input a unique code sent via SMS. Consequently, developers will need access to a mobile phone to make updates. However, this confirmation code will not be necessary for unreleased games. Furthermore, any additions of new users to a Steamworks account will also necessitate SMS verification.
Valve acknowledged that this policy may introduce some “extra friction” for developers but emphasized that it is a crucial tradeoff to ensure the safety of Steam users and to make developers vigilant against potential threats to their accounts. Valve cited a notable uptick in “sophisticated attacks” targeting developers operating on the Steam platform as the driving force behind this initiative.