Valve to implement security improvements for Steam devs accounts after attacks of games updated with malware

Untitled.jpg

Some Steam game developers have fallen victim to hackers recently, as the attackers gained access to developer accounts and updated games with malware bundled into them. It seems that both game developers and players alike that could have been affected by this attack were contacted directly through an email by Valve, letting them know if they launched one of the compromised games and when the dates of the malware update and build reversions took place:



Some reports mention that less than 100 Steam accounts were affected, and according to some of the emails sent out to the users (which date back to Septermber, 2023), the compromised game builds (for some cases) were updated on August 24th, 2023, and then reverted back on August 25th, 2023. The game mentioned in the Twitter/X post above has been confirmed to be NanoWar: Cells VS Virus developed by Benoît Freslon, who had all of his accounts compromised due to the attack, but at the time of writing, it is yet to be confirmed which other games specifically have been affected by this malware attack, and if the compromised builds were all updated on the same dates listed in the mail or if it was a case-per-case basis for the malware-infected game builds.

As a response to these hacks, Valve has started to take action, and to counter these malware attacks, and improve the security of their developers, Steam will be implementing new changes to manage builds and Steamworks users, in which they are now requiring the Steamworks accounts to have a phone number associated with their account to get an SMS confirmation through the mobile device; basically Two-Factor Authentication/2FA but for certain changes instead of a login, and this will be effective for both managing builds of games as well as adding new users too.

Valve's Developer Event post said:
We wanted to give everyone a heads up on some important changes to how builds will be managed in Steamworks, along with adding new users to your Steamworks partner. As part of a security update, any Steamworks account setting builds live on the default/public branch of a released app will need to have a phone number associated with their account, so that Steam can text you a confirmation code before continuing. The same will be true for any Steamworks account that needs to add new users. This change will go live on October 24, 2023, so be sure to add a phone number to your account now. We also plan on adding this requirement for other Steamworks actions in the future.

As mentioned in the excerpt from Valve, the change will take effect on October 24th, 2023, and Valve is considering implementing said changes for other Steamworks actions later down the road. Some Steam developers haven't been to keen to these kind of changes, but if it means more security for everyone, end-user or developer, it's a necessary change for the better.

:arrow: Source
:arrow: Valve's Developer Event Post
 

64bitmodels

Amateur Nintendo Apathetic
Member
Joined
Aug 1, 2019
Messages
1,490
Trophies
1
Age
18
XP
3,028
Country
United States
This wouldnt be a problem if dev's produced games and not steaming piles of shit that constantly need patched to barely keep running. Then they could go back to putting games on physical media and would never need to worry about this crap.
Physical games can be buggy crocks of shit too. Also, Elden Ring got patches. TOTK got patches, even after a year of polish. Hi-Fi Rush and Resident Evil 4 got patches. Every game needs a set of patches.
 

wartutor

Well-Known Member
Member
Joined
Dec 25, 2012
Messages
799
Trophies
2
Age
46
XP
2,628
Country
United States
Physical games can be buggy crocks of shit too. Also, Elden Ring got patches. TOTK got patches, even after a year of polish. Hi-Fi Rush and Resident Evil 4 got patches. Every game needs a set of patches.
Did you not notice i said "This wouldnt be a problem if dev's produced games and not steaming piles of shit that constantly need patched to barely keep running." Company's use to be held responsible if something was broken in games due to the inability to patch them now they are barely games when released and 99% of them are unplayable until patched multiple times and consumers make excuses for them.
 

DeadSkullzJr

Developer
Developer
Joined
Sep 28, 2017
Messages
1,624
Trophies
1
XP
4,274
Country
United States
No game is bug free (some cases malware free either), but this is one of the reasons I tend to prefer physical media. Majority of the solutions you use, whether it be an operating system (Windows for example), a gaming service, etc. all tend to force you to update just to play what you have. On the PlayStation Vita and Nintendo 3DS, you didn't have to update a game if you didn't want to, you were given the option to continue playing the build you had anyways, you would just be unable to participate in online activities. Digital environments make that much more difficult to achieve, solutions like Steam will automatically update stuff for you, and I'm sure there may be an option to manually update, I know you can pause the updates, but that doesn't count as a means to control what you install. The benefit to physical media is also the fact that the media is written to once, then it basically is locked out from being written to again. The only other means would be patches being potentially malicious, but that also kind of brings me to the next point.

If developers would just stop rushing games and start taking more time to actually test and tune the games, you won't need as many patches that keep being pumped for all of these titles. It would reduce the amount of physical variations that would need to exist as some games tend to have revision releases, and it wouldn't cause people to have to update so damn often just to enjoy a game. I should be able to wait for a game, and play it when it comes out, preferably without having to update it period from day one. It's sad if we need patches right out the damn gate. If patches are absolutely necessary, then take the damn time to tune that ONE patch, instead of being suboptimal with multiple. I could also apply this to a lot of homebrew too, can't tell you how many ridiculous versions exist for certain homebrew software, all because someone didn't want to test their own work.

I feel like situations like these could be avoided with better actions. Either fix your game so you don't need billions of patches, or making it so updates aren't forced automatically, then you won't have to deal with potential malware either.
 

codezer0

Gaming keeps me sane
Member
Joined
Jul 14, 2009
Messages
3,651
Trophies
2
Location
The Magic School Bus
XP
4,938
Country
United States
Good. Another verification step that makes things safer on the users end. Adds maybe 10 seconds of effort for the dev.
And adds ten more hours of brain damage levels of screeching for why their latest game is only making $10 per second instead of $10.01 like their forecasts depended on to afford that 13th yacht the ceo wants.
 

64bitmodels

Amateur Nintendo Apathetic
Member
Joined
Aug 1, 2019
Messages
1,490
Trophies
1
Age
18
XP
3,028
Country
United States
If developers would just stop rushing games and start taking more time to actually test and tune the games, you won't need as many patches that keep being pumped for all of these titles.
If someone hacked into your Steam account or whatever and were trying to upload a virus through a game update then it wouldn't matter how bugfree the game is, the virus is still going to be getting in there. This isn't a result of buggy games or digital only or patches it's quite simply just incompetence on the part of Valve. (and the developers, somewhat)

The real takeaway should be that people who develop games should make it a priority to keep their software and databases in check so no asshole comes in trying to make everything worse for everyone. Or in other words don't be an idiot and avoid a scam/virus when you see one.
 

Gamemaster1379

Well-Known Member
Member
Joined
May 5, 2008
Messages
855
Trophies
2
Age
30
Location
United States
Website
1379tech.110mb.com
XP
2,597
Country
United States
So, you can get virus even when you legit buy game, get them from official servers, and all...?
There was a time when it was one of the only few advantages of buying games, to be sure to not get malware.
Post automatically merged:


i dont know how this thing worked, but it did. It didn't require wifi or anything afaik. I had one and never configurated it. View attachment 398840

There was a serial code on the back that I entered in my account, and it was all set. I pressed the button and it gave me a code that i would enter as a OTP.
Basically, how these things work is there is a very complex, long secret/token (think password, basically) that the device knows about. You, the user, transmit the code to the service on the other side you want to log into (or, they already have it if they issued it to you). This exchange happens exactly once. That secret/token is never exchanged again for security reasons.

From there, both sides have a special algorithm that uses the secret and the current time, and calculates them in a special way to produce a 6 digit code.

When you log in, you provide that 6 digit code to the server, and it uses its secret and tries to calculate it. If they match, you're let in. If they don't, it fails.
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
    kijetesantakalu042 @ kijetesantakalu042: damn it's temperature out there