Steam Game People Playground Hit by Malware via the Steam Workshop

The Steam Workshop for People Playground was compromised on February 1 2026 when a malicious mod named “FPS++” was uploaded. Once enabled, the worm silently voted for itself, edited every workshop item belonging to the infected account, and re‑uploaded altered versions with added tags. It also created a duplicate public item, erased local configuration files, deleted maps, contraptions and preferences, and reset in‑game statistics while leaving playtime untouched. The damage was irreversible for most users, forcing some to resort to third‑party tools to spoof lost achievements. The developer responded by shutting down the Workshop, releasing a security patch, and restoring service on February 6.

This breach underscores a systemic vulnerability in user‑generated content ecosystems. Similar attacks have plagued titles such as Cities: Skylines (2022), Cities Skylines 2 (2024 DLL hijacking), and the Downfall mod for Slay the Spire (2023 account hijack). Valve’s November 2023 policy changes—mandatory code signing and stricter upload vetting—were intended to curb such abuse, yet the People Playground episode shows that determined actors can still bypass safeguards. The incident also raises questions about the effectiveness of Steam’s automated detection tools and the responsibility of developers to sandbox third‑party assets.

For publishers, the lesson is clear: enforce strict validation, isolate mods in sandboxed environments, and provide rapid rollback mechanisms. Users should treat workshop downloads with the same caution as any executable, verifying author reputation and limiting permissions where possible. Industry‑wide, a shift toward decentralized verification—such as community‑driven reputation scores or cryptographic signing of assets—could reduce reliance on a single gatekeeper. As the modding community continues to fuel game longevity, balancing openness with security will become a competitive differentiator, prompting platforms like Steam to invest further in proactive threat intelligence.