Valve is adding a new security layer for Steam developers. Any Steamworks account authorized to release builds to a publicly available application must have a phone number associated so Steam may send an SMS confirmation code before continuing. The SMS code will also be required whenever an admin account attempts to add a new user to the Steamworks partner group.
Developers who used steamcmd have been notified that they won’t be able to use that anymore to set the default branch of a released app, though it can still be employed to upload builds and prepare beta branches.
In case you’re wondering about this change, it is occurring because of a security breach where hackers got into some developers’ accounts and uploaded malware to their public builds. Here’s the message that Steam has been sending to users who have downloaded those games (via Simon Carless):
We are contacting you because you recently launched […] on Steam. The Steam account for the developer of this game was recently compromised, and the attackers uploaded a new build that contained malware.
The compromised build was uploaded on Aug 24, 2023 @ 9:33AM PST and reverted on Aug 25, 2023 @ 12:06PM PST. If you played on Steam during this time period, it is likely that malware infected your computer.
The build containing the suspected malware was promptly reverted and purged from Steam, but we strongly encourage you to run a full system scan using an anti-virus product that you trust or use regularly and inspect your system for unexpected or newly installed software. You may also consider fully reformatting your operating system to ensure no malicious software remains on your machine.
According to a statement released by Valve to PC Gamer, these Steam games were not at all popular, so fewer than a hundred users have been affected. One of the games affected was NanoWar: Cells VS Virus, as revealed by the maker, Benoît Freslon, on Twitter (X).