Last month, Valve introduced Trade Holds to steam, as an attempt to thwart scammers out to rid people of their hard-earned games and game items. Scamming people on Steam has become a lucrative business, given that each and every active Steam account holds a sort of intrinsic value thanks to Valve’s odd, but flourishing virtual economy.
Steam’s Trade Holds put a lock on trading, giving those who aren’t using two factor authentication a little time to stop trades they may not have initiated.
“Trade holds protect your items,” Valve said at the time. “Because Steam accounts are valuable, especially if they have items worth stealing. If you haven’t protected your account with a physical device, a trade hold will give you time to discover your account has been compromised and to prevent items from leaving your account.”
Since then, there’s been a fair bit of grumbling about the whole idea, so Valve’s clarified why they believe the feature is so important. Most notably, they say that up to 77 000 Steam accounts are hijacked every month, and their expensive digital goodies are usually whisked away with them.
“Enough money now moves around the system that stealing virtual Steam goods has become a real business for skilled hackers,” Valve says in a new post on the security issues surrounding Steam’s army of hackers.
“Practically every active Steam account is now involved in the economy, via items or trading cards, with enough value to be worth a hacker’s time. Essentially all Steam accounts are now targets.”
What was once a handful of hackers is now an army, and hacking is commonplace.
“What used to be a handful of hackers is now a highly effective, organized network, in the business of stealing and selling items. It would be easier for them to go after the users who don’t understand how to stay secure online, but the prevalence of items make it worthwhile to target everyone,” Valve said.
“We see around 77,000 accounts hijacked and pillaged each month. Hackers can wait months for a payoff, all the while relentlessly attempting to gain access. It’s a losing battle to protect your items against someone who steals them for a living.
“We can help users who’ve been hacked by restoring their accounts and items, but that doesn’t deter the business of hacking accounts. It’s only getting worse.”
What can you do to help protect yourself? Well, that two-factor authentication using Steam’s mobile app is a great way to start.
“We’ve worked to improve account security features, closed loopholes, improved how and when we message users that their account is at risk, added self-locking, and created the Steam Guard Mobile Authenticator (two-factor authentication).
Two-factor authorization is the use of a separate device to confirm your identity. The security of this system is based on moving that step from your PC to a device a hacker can’t access, such as your smartphone. PCs can be easily compromised, therefore a PC-based authenticator would not provide better security than a password or email authentication.
We needed to create our own two-factor authenticator because we need to show users the contents of the trade on a separate device and have them confirm it there. Requiring users to take a code from a generic authenticator and enter it into a hijacked PC to confirm a trade meant that hackers could trick them into trading away items they didn’t intend to. This basically made it impossible to use a generic third party authenticator, such as Google Authenticator, to confirm trades.”
Last Updated: December 10, 2015