To combat malicious updates, Steam game developers are forced to enable SMS verification

According to news from this site on October 16, Valve sent a notification announcing the implementation of additional security measures for Steam game developers, including SMS verification codes.

According to reports, this is mainly in response to recent malicious updates (note from this site: some criminals use stolen Steam game publisher accounts to push malware).

Steamworks is a set of tools and services created by Valve to help developers configure, manage and operate games on Steam. It supports DRM, multiple Player play, live streaming, matchmaking system, achievement system, in-game voice and chat, microtransactions, statistics, cloud content, and community shared content (Steam Workshop).

From the end of August to September 2023, Valve discovered an increase in the number of compromised Steamworks accounts, some of which attackers would use to upload malware, causing players to be infected with virus Trojans.

Valve revealed that only a few hundred users were exposed to the attack, and they were individually informed of the potential vulnerability through notifications sent by the company. To address this issue, Valve announced that it will implement a new security verification policy starting on October 24, 2023, and game developers will have to pass further verification before pushing their software to the default release branch (non-beta release).

The same requirements apply when someone attempts to add a new user to a Steamworks collaboration group that is already protected by email confirmation. This means that starting October 24th, group admins must enable SMS verification codes.

For those using the SetAppBuildLive API, Steam has updated the API to require steamID for confirmation, specifically for changes to the default branch of a published application. That is, setting up a live build using "steamcmd" no longer works for managing the default branch of a published application.

Valve also stressed that there is no solution if developers don’t have a phone number, so they must find a way to receive text messages in order to continue publishing content on the platform.

Advertising statement: The external jump links (including but not limited to hyperlinks, QR codes, passwords, etc.) contained in the article are used to convey more information and save selection time. The results are for reference only. All articles on the site contain this statement.

The above is the detailed content of To combat malicious updates, Steam game developers are forced to enable SMS verification. For more information, please follow other related articles on the PHP Chinese website!