Valve Runs Its Massive PC Gaming Ecosystem With Only About 350 Employees

Valve had its employee and payroll data leaked through a poorly redacted document in an antitrust lawsuit in May, offering a rare glimpse into the company’s small but impactful workforce over the years. As first noticed by SteamDB’s Pavel Djundik, Valve’s significant influence in PC gaming transactions has been maintained by just a few hundred employees. Kyle Orland reports via Ars Technica: It’s striking to consider just how small Valve is compared to other major players in the game industry. In 2021, Microsoft estimated Valve’s annual revenue at $6.5 billion, roughly on the same scale as EA’s $7.5 billion in 2024 revenue. But Steam achieved those numbers with around 350 employees, compared to well over 13,000 people employed by EA. The disparity highlights just how much money Valve brings in with a relatively small workforce. And a lot of that is thanks to the chunk of revenue Valve takes from every sale on Steam. The dominant PC gaming marketplace has seen a massive increase in the number of annual game releases since 2012 or so, thanks to initiatives like Steam Greenlight and Steam Direct.

Yet, surprisingly, the size of the “Steam” department inside Valve has shrunk in recent years, from a peak of 142 employees in 2015 down to just 79 in 2021. From the outside, having just 79 employees keeping track of more than 11,000 Steam releases in 2021 is a pretty incredible ratio. Some readers may also be surprised that Valve’s “Games” department has represented a majority of the company’s headcount since 2003. That has remained true (though to a lesser extent) even in more recent years, as Valve’s output of new games has become much more occasional. It seems likely a large number of those Games department employees are devoted to ultra-popular Valve games like Dota 2 and Counter-Strike 2, which enjoy tens of millions of players and need significant support work.

The leaked data also shows the slow rise of Valve’s small Hardware department, which started with just three employees in 2011 as the company began work on its doomed Steam Machines initiative. Transitioning into the Valve Index era in the late 2010s, the hardware department still represented just a few dozen people and a paltry 3 to 4 percent of the company’s annual payroll. By the time we hit 2021 and the run-up to the Steam Deck, the Hardware division still makes up just 12 percent of Valve’s small total headcount. Looking back, it’s impressive that such a small team was able to create a portable gaming device that quickly spawned a whole micro-industry of imitators. We can only hope the Hardware team got a little more employee support in the wake of the Steam Deck’s market success.

Read more of this story at Slashdot.

UK Nears 1 Million EV Chargers

According to lobby group ChargeUK, there were 930,000 electric car chargers in the UK at the end of June, with the majority residing in homes and at businesses. Only about 65,000 public chargers are available. The Guardian reports: The ChargeUK analysis showed that a new public charger was installed every 25 minutes in the spring quarter as companies raced to keep up with demand. Companies installed 5,100 public chargers during the second quarter of 2024, according to the data company Zapmap. […] There are 1.1 million electric vehicles on UK roads, including 167,000 cars sold in the first half of this year, according to the Society of Motor Manufacturers and Traders lobby group. That is a 9% increase compared with the previous year, although the share of electric sales only increased marginally to 16.6%, as relatively higher upfront prices and rising interest rates deterred some buyers.

ChargeUK’s analysis, which was carried out by the thinktank New AutoMotive, suggested that the private sector was confident it could meet a target set by the previous Conservative government of 300,000 public charge points by 2030. “In little more than a decade, the UK’s charging sector has grown to become a major player in the green economy, providing the infrastructure that more than a million EV drivers rely on today and scaling fast to deliver the charging needed through to 2030 and beyond,” said Vicky Read, the chief executive of ChargeUK.

Read more of this story at Slashdot.

Cloudflare Reports Almost 7% of Internet Traffic Is Malicious

In its latest State of Application Security Report, Cloudflare says 6.8% of traffic on the internet is malicious, “up a percentage point from last year’s study,” writes ZDNet’s Steven Vaughan-Nichols. “Cloudflare, the content delivery network and security services company, thinks the rise is due to wars and elections. For example, many attacks against Western-interest websites are coming from pro-Russian hacktivist groups such as REvil, KillNet, and Anonymous Sudan.” From the report: […] Distributed Denial of Service (DDoS) attacks continue to be cybercriminals’ weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third of all the DDoS attacks they mitigated the previous year. But it’s not just about the sheer volume of DDoS attacks. The sophistication of these attacks is increasing, too. Last August, Cloudflare mitigated a massive HTTP/2 Rapid Reset DDoS attack that peaked at 201 million requests per second (RPS). That number is three times bigger than any previously observed attack.

The report also highlights the increased importance of application programming interface (API) security. With 60% of dynamic web traffic now API-related, these interfaces are a prime target for attackers. API traffic is growing twice as fast as traditional web traffic. What’s worrying is that many organizations appear not to be even aware of a quarter of their API endpoints. Organizations that don’t have a tight grip on their internet services or website APIs can’t possibly protect themselves from attackers. Evidence suggests the average enterprise application now uses 47 third-party scripts and connects to nearly 50 third-party destinations. Do you know and trust these scripts and connections? You should — each script of connection is a potential security risk. For instance, the recent Polyfill.io JavaScript incident affected over 380,000 sites.

Finally, about 38% of all HTTP requests processed by Cloudflare are classified as automated bot traffic. Some bots are good and perform a needed service, such as customer service chatbots, or are authorized search engine crawlers. However, as many as 93% of bots are potentially bad.

Read more of this story at Slashdot.

Rite Aid Says Breach Exposes Sensitive Details of 2.2 Million Customers

Rite Aid, the third-largest U.S. drug store chain, reported it a ransomware attack that compromised the personal data of 2.2 million customers. The data exposed includes names, addresses, dates of birth, and driver’s license numbers or other forms of government-issued ID from transactions between June 2017 and July 2018.

“On June 6, 2024, an unknown third party impersonated a company employee to compromise their business credentials and gain access to certain business systems,” the company said in a filing. “We detected the incident within 12 hours and immediately launched an internal investigation to terminate the unauthorized access, remediate affected systems and ascertain if any customer data was impacted.” Ars Technica’s Dan Goodin reports: RansomHub, the name of a relatively new ransomware group, has taken credit for the attack, which it said yielded more than 10GB of customer data. RansomHub emerged earlier this year as a rebranded version of a group known as Knight. According to security firm Check Point, RansomHub became the most prevalent ransomware group following an international operation by law enforcement in May that took down much of the infrastructure used by rival ransomware group Lockbit.

On its dark web site, RansomHub said it was in advanced stages of negotiation with Rite Aid officials when the company suddenly cut off communications. A Rite Aid official didn’t respond to questions sent by email. Rite Aid has also declined to say if the employee account compromised in the breach was protected by multifactor authentication.

Read more of this story at Slashdot.