Valve plans to beef up Security, as group of Steam developers recently revealed that their access tokens had been compromised. Steam, the gaming company, found itself under threat as malicious actors were using its platform to deliver malware to gamers.
Reports surfaced indicating that several game developers had fallen victim to this security breach, which allowed threat actors to gain access to their Valve accounts. Subsequently, these malicious actors exploited these compromised accounts to update the games being distributed through Steam by injecting malicious code into them.
In response to these security incidents, the company took immediate action. They sent out email notifications to their customers, alerting them to the situation and the potential risks associated with the compromised games. Additionally, the company has been actively implementing security measures and safeguards to prevent similar incidents from occurring in the future.
TWO FACTOR AUTHENTICATION SECURITY:
The company has announced its plan to roll out a two-factor authentication (2FA) security system by the end of October. As part of this initiative, game developers will be required to undergo a mandatory 2FA authentication process before they can release the latest game updates to their players.
However, it’s worth noting that the 2FA mechanism will be primarily reliant on SMS-based authentication. This does introduce a potential inconvenience, as it could be difficult conducting SIM swapping. The company is set to implement this 2FA security feature in October ending, and it’s important to highlight that for those who opt not to adopt this security measure, there will be no alternative means available for updating their games.
Valve disclosed that:
“The ‘extra friction’ is a necessary tradeoff for keeping steam users safe and developers aware of any potential compromise to their account.”
While it may appear burdensome, the company finds itself with little alternative, given that they have previously experienced similar cyberattacks on multiple occasions.
Furthermore valve laid emphasis saying:
“There has been an uptick in sophisticated attacks against developers accounts recently.”
News broke that one of the developers who fell victim to the recent compromise was Benoit Freslon. He took to Twitter to share his experience, revealing that a malware attack had resulted in the theft of his browser access tokens. These tokens, once in the hands of the attackers, provided them with temporary access to his Steam account. Of particular concern was the fact that Benoit Freslon had his game “NanoWar: Cell vs Virus” stored in this compromised Steam account.
Please do let us know in the comment section what are your thoughts about this.