Security News > 2023 > October > Valve introduces SMS-based confirmation to prevent malicious games on Steam
Video game publisher/digital distribution company Valve is forcing developers who publish games on its Steam platform to "Validate" new builds with a confirmation code received via SMS. The Steam SMS confirmation requirement.
Valve sent out notices last month to select users to inform them that they may have been infected with malware after playing a specific game via Steam.
"The Steam account for the developer of this game was recently compromised and the attackers uploaded a new build that contained malware," the notice said.
"As part of a security update, any Steamworks account setting builds live on the default/public branch of a released app will need to have a phone number associated with their account, so that Steam can text you a confirmation code before continuing," the company explained.
"Firstly, for developers, we recommend applying non-SMS-based MFA to protect all of their accounts as with authenticator apps as a bare minimum, in addition to strong passphrases. Then, of course, the equipment used for development needs to be protected by strong security software as well to avoid information-stealing malware taking over the whole identity of a developer."
"For Steam/Valve, we would suggest introducing a certificate-based, strong MFA solution to maximize the security posture of their ecosystem as a whole. We must not forget that users trust the platform, believing they take care of the security of the individual developers," he added.
News URL
https://www.helpnetsecurity.com/2023/10/17/steam-sms-confirmation/