Valve Implements SMS Verification to Thwart Hackers, Safeguard Developer Accounts

Valve's Steam tightens security for game developers by implementing SMS verification.

RUMOR: Microsoft Is Looking to Buy Steam Owner Valve for $16 Billion
Rumors are circulating that Microsoft plans to acquire Valve for $16 billion, but these claims lack credible sources and face skepticism due to Valve's successful independence and Microsoft's recent antitrust challenges with its Activision Blizzard acquisition Steam

Valve is set to roll out a critical change.

Starting Oct 24, Steam developers will be required to associate a phone number with their accounts, implementing SMS verification for essential actions such as publishing new game versions and adding users to their accounts, Eurogamer.net reports.

The move follows a series of alarming incidents in which hackers infiltrated developer accounts and compromised game builds.

Steam's Move to Thwart Malware Attacks

Valve's motivation for this transformative security measure stems from recent events where hackers exploited vulnerabilities to access developers' accounts and tamper with game builds.

Although the impact was relatively contained, affecting fewer than 100 Steam users, one developer's story highlights the far-reaching consequences.

As first reported by PCGamer, Benoît Freslon, the developer behind "NanoWar: Cells VS Virus," disclosed that the hackers had not only infiltrated his account but also obtained control over his browser access tokens.

This attack enabled them to access any service linked to his account, raising concerns about the security of games and a developer's entire digital footprint.

Security Measures: Adding SMS Confirmation

Valve is making substantial changes to the Steamworks platform, the suite of tools available to developers to integrate Steam's functions into their games to counteract such threats.

With the new security measures in place, any developer who wishes to update a game build to the default branch will now receive a confirmation code via SMS.

This code must be entered to set the default branch, ensuring only authorized users can make these crucial changes. Notably, this requirement does not apply to unreleased games or updates to beta versions.

Moreover, the security enhancement extends to Steamworks administrators when inviting new members to their group.

Administrators will also be required to input an SMS code before sending out an invitation. This two-factor authentication process, alongside email verification, adds an extra layer of protection to ensure that only legitimate individuals can add to developer groups.


More Critical Changes

The company has signaled its intent to expand similar security requirements to other actions on the Steamworks platform in the future.

While the changes may inconvenience some, particularly those who express concerns about the need for a dedicated phone number per account, the broader gaming community recognizes the necessity of these safeguards.

Notably, suggestions for alternative security methods such as one-time passwords (TOTP) or utilizing Valve's Steam Guard system have been raised.

What's In the News?

As of Oct 24, developers are urged to link their phone numbers to their Steamworks accounts, and they can expect this requirement to extend to other actions in the future.

While the changes may necessitate adjustments, they underscore the gaming industry's collective effort to stay one step ahead of those who seek to compromise its integrity.

Stay posted here at Tech Times.

Tech Times Writer John Lopez
(Photo : Tech Times Writer John Lopez)
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics