Platform owner reports “an uptick in sophisticated attacks” on Steam devs
Valve are introducing text message verification for game developers using Steamworks, following what the platform-holders describe as a limited incident which saw hackers taking over several Steamworks accounts and adding malware to their games. Reportedly, fewer than 100 Steam players have been affected by the malware – I hope you’re not among them.
It’s not clear which and how many projects have been affected by the hacks, but the incident appears to date back to late August, and victims include NanoWar: Cells VS Virus developer Benoît Freslon,who told GameDiscoverCo’s Simon Carless on Xitterthat all of his accounts were hacked using a token grabber. (Freslon mournfully added that “ironically, in my game, players fight viruses”.)
Valve are purging the builds affected, and are beefing up Steam’s security mechanisms. A company representative has toldPCGamerthat there has been “an uptick in sophisticated attacks” against Steam devs, and that “extra friction” for partners is a “necessary tradeoff for keeping Steam users safe and developers aware of any potential compromise to their account.”
Valve have outlined their security changes ina post on Steam. “As part of a security update, any Steamworks account setting builds live on the default/public branch of a released app will need to have a phone number associated with their account, so that Steam can text you a confirmation code before continuing,” it reads.
Developers will need a text message confirmation code whenever they update a build in the default branch of a Steam app, but they won’t need a code to update a beta branch or an app that hasn’t been released. Steamworks partner group admins will also need a text message code in order to invite a new user to the group.
There’s a Q&A with some additional specifics inthe full post. I feel bad for Freslon, so let me end by linking to his free mobile puzzle game Enigmbox, which you can play onAndroidandiOS.
