Fewer than 100 Steam users had the games installed, but Valve is adding a new SMS verification step for all developers to try to prevent it from happening again.
It’s not a confirmation via SMS, it’s a verification via SMS, so the attacker has to have your phone number as well as your steam account to attack it, which makes it harder.
That’s why I was saying that this is “working as intended” and that more than likely this was perpetrated by less-than-savory devs who purposefully sold out the people who bought their games. There were no “hackers” only shitty devs that claimed they were hacked after they got caught distributing malware. Again, I may just be overly cynical.
They’re saying the people who bought the game from the original devs may have been the ones to upload the malware. In that case, they could confirm the SMS very easily.
Even authenticator apps are generally better than SMS.
One thing no one talks about with SMS verifications, though, is that it frequently confirms your phone number to the business you’re giving it to. If they’re in the habit of trading user data, this makes the data much more valuable. I think this is the real reason for many businesses that push for it, when normally they could hardly care less about user security.
RCS is a replacement for SMS, used by the majority of mobile carriers in Europe, Northern America, and Asia. It is used by default in all supported regions.
It’s not a confirmation via SMS, it’s a verification via SMS, so the attacker has to have your phone number as well as your steam account to attack it, which makes it harder.
That’s why I was saying that this is “working as intended” and that more than likely this was perpetrated by less-than-savory devs who purposefully sold out the people who bought their games. There were no “hackers” only shitty devs that claimed they were hacked after they got caught distributing malware. Again, I may just be overly cynical.
They’re saying the people who bought the game from the original devs may have been the ones to upload the malware. In that case, they could confirm the SMS very easily.
And SMS messages can be intercepted. Not a good option, use physical security keys instead!
Even authenticator apps are generally better than SMS.
One thing no one talks about with SMS verifications, though, is that it frequently confirms your phone number to the business you’re giving it to. If they’re in the habit of trading user data, this makes the data much more valuable. I think this is the real reason for many businesses that push for it, when normally they could hardly care less about user security.
deleted by creator
RCS messages are encrypted using TLS.
deleted by creator
RCS is a replacement for SMS, used by the majority of mobile carriers in Europe, Northern America, and Asia. It is used by default in all supported regions.
deleted by creator
Most of them do, because as you have noted before, SMS protocol is not secure.
deleted by creator
Only if you have the access to the same mast, otherwise no. This vastly reduces the number of attack vectors.