As you may be aware, the Steam accounts of a number of game developers have recently been used to spread malware, and Valve has now implemented measures to help stop this happening.
VIEW GALLERY – 2 IMAGES
The game devs in question had their accounts broken into, with the perpetrators then sending out updates to their respective games which included malware. Nasty indeed, particularly when you consider many Steam users have their game library set to update titles automatically, which would have downloaded the malware straight away.
The better news with this security breach is that not many Steam users were affected, fewer than 100 as PC Gamer reported. And as you might expect, Valve has now made a move to tighten its defenses against this sort of attack.
From now on, developers will need to use 2FA before applying and releasing an update to a game, receiving a code on their smartphone as a second factor of verification. Clearly, that’s not something the attacker should be able to work around (unless they have access to said phone, of course, somehow).
“As part of a security update, any Steamworks account setting builds live on the default/public branch of a released app will need to have a phone number associated with their account, so that Steam can text you a confirmation code before continuing.”
Those without a smartphone will need to get one. As Valve told developers:
“Sorry, but you’ll need a phone or some way to get text messages if you need to add users or set the default branch for a released app.”
Meanwhile, those Steam users who were among the unfortunate few to download a malware-laden game update have been informed about it by email.