Hackers Took Over Developer Accounts on Steam; They Gained Little, but Valve Finally Acted

Source: Valve.

i

The day before yesterday, Valve issued an announcement according to which starting October 24, the way developers who publish games on Steam are managing their compilations and add users to partner groups will change. In both cases, it will be necessary to additionally authenticate the developer's account by entering a code received via SMS. To be precise, this security measure will be applied:

1. before a new, updated version of the game is made available to the general public (on the so-called "default branch", under the "beta" tab in the properties of the game in question);
2. before an administrator invites another person to join a partner group.

In theory, it's no big deal - just a kind of Steam Guard, only that for developers. "Ordinary" Steam users, who use this feature on a daily basis to protect their accounts, can shrug their shoulders here, at most being surprised that it will come into effect only now.

Valve's move did not come out of nowhere. Recently it was reported that a number of hacks on developers' accounts has taken place. As part of game updates - one of which was NanoWar: Cells VS Virus - hackers shared malware. If the player did not disable automatic updates, the "patch" downloaded automatically to their computer.

As reported by PC Gamer, a total of less than 100 people downloaded such software. Each of them was said to have been informed of the incident via email. Thus, it could be considered that Valve's reaction is a bit over the top.

Nevertheless - as I pointed out earlier - it's surprising that the management of Steam has delayed the implementation of this feature for so long. Especially since this was not to be the only attempt to gain illegal access to developers' accounts, and recently there has reportedly been an "increase in the number of sophisticated attacks" targeting them.

1. Steam - official website