After Hackers Distribute Malware In-Game Updates, Steam Adds SMS-based Security Check for Developers
Valve, the company behind the Steam gaming platform, is introducing a new security feature in response to reports of game updates being infected with malware. The feature involves SMS-based two-factor authentication for game developers, where they receive a confirmation code via text message to log into their accounts. However, this method has been criticized as it can be bypassed through SIM swap attacks. Experts suggest that Valve should have implemented stronger forms of authentication such as app-based TOTP or hardware security keys. Game developers are advised to add their phone numbers to their accounts before October 24, 2023. It is also recommended to have proper defenses in place on the devices used for accessing Steam developer accounts and building games.