Breach cyber

Valve

Feb 15, 2025 1 min read
Valve

Valve Corporation experienced a significant cybersecurity incident when the game PirateFi on its Steam platform was found to contain malicious code, designed to steal browser cookies and hijack accounts. The malware, identified as 'Trojan.Win32.Lazzzy.gen', prompted Valve to advise affected users to undertake a full reformat of their operating systems to eradicate the threat. This action indicates a substantial impact, where personal user data was likely compromised. The scale of the incident is notable, with an estimated reach of over 800 users who downloaded the game. The immediate removal of the game and public notification highlight Valve's response to containing the situation and preventing further damage.

Source: https://securityaffairs.com/174205/malware/valve-removed-a-game-from-steam.html

TPRM report: https://scoringcyber.rankiteo.com/company/valve-corporation

"id": "val000021525",
"linkid": "valve-corporation",
"type": "Breach",
"date": "2/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '800',
                        'industry': 'Gaming',
                        'name': 'Valve Corporation',
                        'type': 'Company'}],
 'attack_vector': 'Malicious Code in Game',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '800',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Browser Cookies',
                                              'Account Information']},
 'description': 'Valve Corporation experienced a significant cybersecurity '
                'incident when the game PirateFi on its Steam platform was '
                'found to contain malicious code, designed to steal browser '
                'cookies and hijack accounts. The malware, identified as '
                "'Trojan.Win32.Lazzzy.gen', prompted Valve to advise affected "
                'users to undertake a full reformat of their operating systems '
                'to eradicate the threat. This action indicates a substantial '
                'impact, where personal user data was likely compromised. The '
                'scale of the incident is notable, with an estimated reach of '
                'over 800 users who downloaded the game. The immediate removal '
                "of the game and public notification highlight Valve's "
                'response to containing the situation and preventing further '
                'damage.',
 'impact': {'brand_reputation_impact': 'Moderate',
            'data_compromised': ['Browser Cookies', 'Account Information'],
            'identity_theft_risk': 'High',
            'systems_affected': ['User Operating Systems']},
 'initial_access_broker': {'entry_point': 'Malicious Code in Game'},
 'motivation': 'Data Theft',
 'response': {'communication_strategy': ['Public Notification'],
              'containment_measures': ['Removal of Game',
                                       'Public Notification'],
              'remediation_measures': ['Full Reformat of User Operating '
                                       'Systems']},
 'title': 'Malicious Code in PirateFi Game on Steam Platform',
 'type': 'Malware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.