Valve Corporation experienced a significant cybersecurity incident when the game PirateFi on its Steam platform was found to contain malicious code, designed to steal browser cookies and hijack accounts. The malware, identified as 'Trojan.Win32.Lazzzy.gen', prompted Valve to advise affected users to undertake a full reformat of their operating systems to eradicate the threat. This action indicates a substantial impact, where personal user data was likely compromised. The scale of the incident is notable, with an estimated reach of over 800 users who downloaded the game. The immediate removal of the game and public notification highlight Valve's response to containing the situation and preventing further damage.
Source: https://securityaffairs.com/174205/malware/valve-removed-a-game-from-steam.html
TPRM report: https://scoringcyber.rankiteo.com/company/valve-corporation
"id": "val000021525",
"linkid": "valve-corporation",
"type": "Breach",
"date": "2/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '800',
'industry': 'Gaming',
'name': 'Valve Corporation',
'type': 'Company'}],
'attack_vector': 'Malicious Code in Game',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '800',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Browser Cookies',
'Account Information']},
'description': 'Valve Corporation experienced a significant cybersecurity '
'incident when the game PirateFi on its Steam platform was '
'found to contain malicious code, designed to steal browser '
'cookies and hijack accounts. The malware, identified as '
"'Trojan.Win32.Lazzzy.gen', prompted Valve to advise affected "
'users to undertake a full reformat of their operating systems '
'to eradicate the threat. This action indicates a substantial '
'impact, where personal user data was likely compromised. The '
'scale of the incident is notable, with an estimated reach of '
'over 800 users who downloaded the game. The immediate removal '
"of the game and public notification highlight Valve's "
'response to containing the situation and preventing further '
'damage.',
'impact': {'brand_reputation_impact': 'Moderate',
'data_compromised': ['Browser Cookies', 'Account Information'],
'identity_theft_risk': 'High',
'systems_affected': ['User Operating Systems']},
'initial_access_broker': {'entry_point': 'Malicious Code in Game'},
'motivation': 'Data Theft',
'response': {'communication_strategy': ['Public Notification'],
'containment_measures': ['Removal of Game',
'Public Notification'],
'remediation_measures': ['Full Reformat of User Operating '
'Systems']},
'title': 'Malicious Code in PirateFi Game on Steam Platform',
'type': 'Malware'}