Slay the Spire standalone fan expansion Downfall was hacked on Steam, and some of the game’s players may now be vulnerable to malware.
Slay the Spire is one of the surprise card game hits in recent years, and one of the reasons for its staying power is its stellar community support. Fan expansions such as Downfall ensure that Slay the Spire continues to have new content, in between official updates from the game’s developers.
Unfortunately, these fan-made expansions are not necessarily safe from malicious hackers. On December 25, likely when the devs were spending time with friends and family, hackers took the opportunity to hijack the developers’ Steam and Discord accounts. Much like the recent Insomniac leaks, these attacks went after personal data.
Is Slay the Spire: Downfall safe to install?
Slay the Spire: Downfall is now safe to install after the game was hacked, according to its developers. Fortunately, the malware was only up for one hour on the game’s Steam library page before being purged. During that hour, however, people who launched Downfall directly from Steam’s library and saw a Unity library installer pop up were at risk of a malicious malware attack.
The malware breaches the personal data of users as a Trojan, and roots itself deep inside the user’s PC. Downfall’s devs highly suggest that users change any passwords or even wipe affected hard drives entirely if the malware was opened. As of now, Downfall’s devs are working with the community to find out as much as they can about the virus, in order to more fully understand the scope of the damage.
How do I protect my Steam account?
Steam accounts can be better protected by enabling mobile 2FA (2-factor authentication) through the Steam Mobile app. Valve took steps earlier in the year to beef up Steam’s security after several malware attacks were made on the platform. Unfortunately, this won’t stop every single hacking attempt, as Slay the Spire: Downfall being hacked has shown. The best way to prevent hackers from accessing personal data is through mobile 2FA, as unaffected phones are much harder to access for remote hackers.
Valve also requires that 2FA be enabled for Steamworks accounts. If a Steam account is already compromised, scanning the PC for malware and changing all passwords immediately is essential. With so many leaks and data breaches going around in the gaming space, it’s become a stressful holiday season for many in the video games industry.