If you’re a Steam user, beware: hackers have managed to deliver malware to gamers through the platform.
Several game developers recently had their Valve accounts compromised, with the attackers using these accounts to update the games they distributed through Steam by adding malicious code.
Valve confirmed the news by contacting affected users via email, but has already taken steps to ensure something like this never happens again.
By the end of October 2023, developers will have to pass two-factor authentication (2FA) before they can deliver the latest game update to the players. Unfortunately, the only way to pass 2FA is via SMS, leaving the developers open to SIM swapping. That said, Steam partners will have to register a phone number with the platform soon enough. Those who don’t want to have no other way to update their game.
Speak with PC gamerValve said the “additional friction” is a “necessary trade-off to keep Steam users safe and developers informed of potential account breaches.”
If this all sounds exaggerated, that’s because this isn’t the first time Steam has come under fire from cybercriminals. Valve told media that there has been “an increase in sophisticated attacks” on developer accounts recently.
One of the developers whose account was compromised, media reports, is Benoît Freslon. On Twitter, he said malware stole his browser access tokens, giving the attackers temporary access to his Steam account, where he kept his game NanoWar: Cells VS Virus.