Valve Creates New Security Measure After Malware Attack Affected Steam Games

Valve is adding a new precaution after hackers modified some Steam games to contain malware. Though fewer than a hundred users had the games installed at the time, Valve will soon require SMS verification for all developers who wish to update their games.

GameDiscoverCo newsletter founder Simon Carless first reported the story on Twitter. Valve confirmed details in an email to PC Gamer. Valve wrote that all the affected Steam users were reached out to via email. Developer Benoît Freslon said on Twitter that his game, NanoWar: Cells VS Virus, was hit by the attack and that the malware stole his browser's access tokens.

On a blog post, Valve confirmed the two-factor verification policy and shared details of its implementation. If developers want to update their build on Steam's default branch, which will result in an automatic update of the game for most users, they will need to type in a code. The only way to receive this code is via SMS, so developers will need to have a mobile phone in order to update their games. However, developers won't need to put in a confirmation code if the game has not yet been released. Adding new users to a Steamworks account will also require SMS confirmation.

Valve told PC Gamer that though this policy might cause "extra friction" for developers, it is a "necessary tradeoff for keeping Steam users safe and developers aware of any potential compromise to their account." Valve also said that it has seen an increase of "sophisticated attacks" targeting developers working on Steam.