Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Valve corporation

Valve corporation Vendor Cyber Rating & Cyber Score

valvesoftware.com

Valve is an entertainment software and technology company founded in 1996 and based in Bellevue, Washington. The company’s debut title, Half-Life, has won over 50 Game of the Year Awards and was named "Best PC Game Ever"​ in the November 1999, October 2001, and April 2005 issues of PC Gamer, the world's best-selling PC games magazine. Valve’s portfolio also includes titles in the award-winning Counter-Strike, Day of Defeat, Team Fortress, Left 4 Dead, Portal and Dota franchises. This portfolio of titles accounts for over 100 million units sold worldwide, and include some of the most played online games in the world. In addition to producing best-selling entertainment titles, Valve is a developer of leading-edge technologies including the


Valve corporation A.I CyberSecurity Scoring

Valve corporation
Company Information
Website:https://www.valvesoftware.com
Employees number:1,730
Number of followers:286,133
NAICS:51126
Industry Type:Computer Games
Homepage:valvesoftware.com
Valve corporation Risk Score (AI oriented)
Between 600 and 649
logo
Valve corporationComputer Games
Updated:
17/06/2026
608/1000
Poor
Caa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Valve corporation Global Score (TPRM)
xxxx
logo
Valve corporationComputer Games
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Valve corporation
Valve corporationPoor
Current Score
608Caa (POOR)
01000
5 incidents
-11.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
610Before Incident
JUNE 2026
627Before Incident
Cyber Attack
17 Jun 2026Valve corporation
Valve: Steam Workshop Malware Campaign Uses Wallpaper Engine to Steal Accounts and Infect Gamers

Sophisticated Malware Campaign Exploits Steam Workshop to Target Gamers

608After Incident
CRITICAL-19
VAL1781684649
Sophisticated Malware Campaign Exploits Steam Workshop to Target Gamers A recent malware campaign has leveraged Steam Workshop and Wallpaper Engine to distribute backdoors, infostealers, and crypto miners, primarily affecting gamers in China (89% of cases) and Russia (5.5%), with additional infections reported in Singapore, Hong Kong, Germany, Vietnam, India, and Canada. ### How the Attack Works Threat actors abused Wallpaper Engine’s "application" wallpaper type, which allows standalone executables to run as animated desktop backgrounds. By embedding malicious payloads within these wallpapers often hidden in password-protected archives or bundled with legitimate files attackers tricked users into executing arbitrary code upon installation. Once activated, the malware deployed in multiple stages: 1. A backdoor (e.g., Synaptics.exe, linked to the DarkKomet family) was dropped. 2. A secondary module (e.g., ._cache_GAME1.exe) installed a tampered system library (AggregatorHost.dll). 3. The library hijacked active Steam sessions, harvesting authentication tokens and credentials. 4. Stolen data was exfiltrated to attacker-controlled servers (e.g., hxxp://120.48.156[.]17/ey.php), enabling account takeovers and further malicious uploads via compromised profiles. ### Malware Arsenal & Impact The campaign distributed a diverse toolkit, including: - Infostealers (Vidar, Lumma) - Backdoors (DarkKomet) - Crypto miners (sapping system resources) - Ransomware variants - Python-based trojans Localized artwork and titles suggested deliberate targeting of Chinese users, though the infrastructure could be repurposed globally. ### Steam’s Response & Detection Steam removed identified malicious Workshop items, but the incident highlights platform moderation challenges against persistent abuse. Security vendors detected samples using heuristics like HEUR:Trojan-PSW.Win32.gen and HEUR:Backdoor.Win32.DarkKomet, though proactive defenses are required to mitigate risks. The attack underscores a growing trend: legitimate community platforms are increasingly weaponized to bypass traditional security measures.
INCIDENT DETAILS -
TYPE
Malware Campaign
MOTIVATION
Data theft, account takeovers, crypto mining, ransomware deployment
IMPACT
Data Compromised: Authentication tokens, credentials, personally identifiable informationSystems Affected: Gaming PCs, Steam accountsOperational Impact: System resource sapping (crypto miners), account takeoversBrand Reputation Impact: Moderation challenges for Steam, potential erosion of user trustIdentity Theft Risk: High (harvested credentials and authentication tokens)
DATA BREACH
Authentication tokensCredentialsPersonally identifiable informationSensitivity Of Data: High (authentication tokens, credentials)Data Exfiltration: Yes (to attacker-controlled servers: hxxp://120.48.156[.]17/ey.php)Personally Identifiable Information: Yes
MAY 2026
623Before Incident
APRIL 2026
623Before Incident
MARCH 2026
623Before Incident
Vulnerability
18 Mar 2026Valve corporation
Jenkins and Valve: New DDoS Malware Exploits Jenkins to Attack Valve Source Engine Game Servers

New DDoS Botnet Targets Valve Source Engine Game Servers via Exposed Jenkins Instances

619After Incident
MEDIUM-4
JENVAL1777645518
New DDoS Botnet Targets Valve Source Engine Game Servers via Exposed Jenkins Instances Security researchers at Darktrace uncovered a sophisticated DDoS botnet exploiting misconfigured Jenkins servers to launch attacks against Valve Source Engine game infrastructure, including Counter-Strike and Team Fortress 2 servers. The malware, first detected on March 18, 2026, via Darktrace’s CloudyPots honeypot network, stands out for its cross-platform capabilities and precise targeting of the gaming sector a growing focus for cybercriminals, which Cloudflare ranks as the fourth most attacked industry globally. The attack begins with threat actors scanning for Jenkins instances with weak or default credentials, leveraging an exposed remote code execution (RCE) endpoint to deploy malicious payloads. Once inside, the malware delivers Windows and Linux variants: on Windows, it downloads a disguised system update file, while on Linux, it executes a Bash script to fetch and run a payload from the /tmp directory. Both use a Vietnamese-hosted IP (103[.]177.110.202) for command-and-control (C2) and payload delivery an unusual consolidation that reduces operational resilience. The botnet employs multiple DDoS techniques, including UDP floods, TCP push attacks, and HTTP request floods, with a particularly effective method called "attack_dayz." This tactic exploits Valve Source Engine’s query protocol, sending small requests that trigger disproportionately large responses, overwhelming servers with minimal attacker bandwidth. The malware also ensures persistence by: - Manipulating Jenkins environment variables ("dontKillMe") to evade process timeouts. - Renaming itself to mimic legitimate Linux kernel processes ("ksoftirqd/0" or "kworker"). - Using double forking and redirecting logs to /dev/null to avoid detection. - Ignoring termination signals (SIGTERM) to resist manual shutdowns. Once active, the malware connects to the C2 server, reporting system details and awaiting attack commands. It supports three utility functions: PING (keep-alive), !stop (termination), and !update (self-updating). Darktrace recommends blocking TCP port 5444 (used for C2 communication) and the identified attacker IP at the network perimeter, alongside securing Jenkins instances with strong authentication and restricting public access.
INCIDENT DETAILS -
TYPE
DDoS Botnet
MOTIVATION
Disruption of gaming services (potential financial gain or competitive advantage)
IMPACT
Systems Affected: Valve Source Engine game servers (Counter-Strike, Team Fortress 2)Operational Impact: Overwhelmed game servers leading to service disruptionBrand Reputation Impact: Potential reputational damage to Valve and affected game communities
FEBRUARY 2026
622Before Incident
JANUARY 2026
619Before Incident
DECEMBER 2025
611Before Incident
NOVEMBER 2025
613Before Incident
OCTOBER 2025
610Before Incident
SEPTEMBER 2025
607Before Incident
AUGUST 2025
604Before Incident
MAY 2025
701Before Incident
Breach
01 May 2025Valve corporation
Valve Corporation

Steam User Records Leak

591After Incident
CRITICAL-110
VAL546051425
Valve Corporation, the owner of Steam, faced a potential breach involving the leak of 89 million Steam user records with one-time access codes. The data was advertised for sale by a threat actor known as Machine1337. A sample of 3,000 records, containing historic SMS text messages with one-time passcodes for Steam, was examined by BleepingComputer. The incident is suspected to be a supply-chain compromise involving Twilio, a cloud communications company providing APIs for SMS and 2FA messages. Twilio denied any breach, but acknowledged investigating the situation. The data's origin is unclear, but it may come from an SMS provider intermediating communication between Twilio and Steam users. Steam users are advised to enable Steam Guard Mobile Authenticator for added security.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Financial gain
IMPACT
One-time access codesHistoric SMS text messages with one-time passcodes
DATA BREACH
One-time access codesHistoric SMS text messages with one-time passcodesSensitivity Of Data: HighSMS text messages
FEBRUARY 2025
764Before Incident
Breach
01 Feb 2025Valve corporation
Valve

Malicious Code in PirateFi Game on Steam Platform

698After Incident
CRITICAL-66
VAL000021525
Valve Corporation experienced a significant cybersecurity incident when the game PirateFi on its Steam platform was found to contain malicious code, designed to steal browser cookies and hijack accounts. The malware, identified as 'Trojan.Win32.Lazzzy.gen', prompted Valve to advise affected users to undertake a full reformat of their operating systems to eradicate the threat. This action indicates a substantial impact, where personal user data was likely compromised. The scale of the incident is notable, with an estimated reach of over 800 users who downloaded the game. The immediate removal of the game and public notification highlight Valve's response to containing the situation and preventing further damage.
INCIDENT DETAILS -
TYPE
Malware
MOTIVATION
Data Theft
IMPACT
Browser CookiesAccount InformationUser Operating SystemsBrand Reputation Impact: ModerateIdentity Theft Risk: High
DATA BREACH
Browser CookiesAccount InformationNumber Of Records Exposed: 800Sensitivity Of Data: HighData Exfiltration: Yes
FEBRUARY 2012
767Before Incident
Breach
08 Feb 2012Valve corporation
Valve Corporation

Valve Corporation Data Breach

709After Incident
MEDIUM-58
VAL1028080425
The California Office of the Attorney General reported a data breach involving Valve Corporation on February 8, 2012. The breach is related to a network intrusion that likely resulted in the unauthorized access to a database containing user names, email addresses, encrypted billing addresses, and encrypted credit card information, although no evidence of credit card misuse has been found.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
user namesemail addressesencrypted billing addressesencrypted credit card information
DATA BREACH
user namesemail addressesencrypted billing addressesencrypted credit card informationbilling addressescredit card informationuser namesemail addressesbilling addresses

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Valve corporation ?
?
What was Valve corporation's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Valve corporation's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Valve corporation's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Valve corporation's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Valve corporation's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Valve corporation's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Valve corporation's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Valve corporation's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Valve corporation's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Valve corporation's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Valve corporation's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Valve corporation's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Valve corporation ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Valve corporation's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?