I wasn’t able to find a list of affected games. I wish valve would be more open about this.
One of the games said to have been affected was “NanoWar: Cells VS Virus”, by developer Benoit Fresion.
SMS? I don’t understand why Valve hates TOTP so much. And before you say: “They have an MFA app…”, yes they do, but even then they force people to use their own app with a special pattern instead of just following the normal standard used by Google, Microsoft and any other MFA apps… it’s like they do it on purpose for people to not use MFA at all.
You mean this wasn’t already the standard?
Valve’s security practices have been known to be bad for years. They famously didn’t fix some developer side bugs until they were exploited. There was some XSS error or similar on the developer side years ago, and Valve didn’t fix it, even after reported, until a developer exploited it.
They also had issues with the password reset after Heartbleed, and some random user logged in using an exploited password and renamed some AAA games to read something like, “Valve, please reset partner passwords due to Heartbleed.” Valve got lucky that the user didn’t do anything malicious…
