Home As many as 77 000 Steam accounts are hijacked every month

As many as 77 000 Steam accounts are hijacked every month

3 min read
35

steamLogo

Last month, Valve introduced Trade Holds to steam, as an attempt to thwart scammers out to rid people of their hard-earned games and game items. Scamming people on Steam has become a lucrative business, given that each and every active Steam account holds a sort of intrinsic value thanks to Valve’s odd, but flourishing virtual economy.

Steam’s Trade Holds put a lock on trading, giving those who aren’t using two factor authentication a little time to stop trades they may not have initiated.

“Trade holds protect your items,” Valve said at the time. “Because Steam accounts are valuable, especially if they have items worth stealing. If you haven’t protected your account with a physical device, a trade hold will give you time to discover your account has been compromised and to prevent items from leaving your account.”

Since then, there’s been a fair bit of grumbling about the whole idea, so Valve’s clarified why they believe the feature is so important. Most notably, they say that up to 77 000 Steam accounts are hijacked every month, and their expensive digital goodies are usually whisked away with them.

“Enough money now moves around the system that stealing virtual Steam goods has become a real business for skilled hackers,” Valve says in a new post on the security issues surrounding Steam’s army of hackers.

“Practically every active Steam account is now involved in the economy, via items or trading cards, with enough value to be worth a hacker’s time. Essentially all Steam accounts are now targets.”

What was once a handful of hackers is now an army, and hacking is commonplace.

“What used to be a handful of hackers is now a highly effective, organized network, in the business of stealing and selling items. It would be easier for them to go after the users who don’t understand how to stay secure online, but the prevalence of items make it worthwhile to target everyone,” Valve said.

“We see around 77,000 accounts hijacked and pillaged each month. Hackers can wait months for a payoff, all the while relentlessly attempting to gain access. It’s a losing battle to protect your items against someone who steals them for a living.

“We can help users who’ve been hacked by restoring their accounts and items, but that doesn’t deter the business of hacking accounts. It’s only getting worse.”

What can you do to help protect yourself? Well, that two-factor authentication using Steam’s mobile app is a great way to start.

“We’ve worked to improve account security features, closed loopholes, improved how and when we message users that their account is at risk, added self-locking, and created the Steam Guard Mobile Authenticator (two-factor authentication).

Two-factor authorization is the use of a separate device to confirm your identity. The security of this system is based on moving that step from your PC to a device a hacker can’t access, such as your smartphone. PCs can be easily compromised, therefore a PC-based authenticator would not provide better security than a password or email authentication.

We needed to create our own two-factor authenticator because we need to show users the contents of the trade on a separate device and have them confirm it there. Requiring users to take a code from a generic authenticator and enter it into a hijacked PC to confirm a trade meant that hackers could trick them into trading away items they didn’t intend to. This basically made it impossible to use a generic third party authenticator, such as Google Authenticator, to confirm trades.”

Last Updated: December 10, 2015

35 Comments

  1. Alien Emperor Trevor

    December 10, 2015 at 09:23

    I’ve secured mine, yo! Also can’t believe what some people are willing to pay for virtual cosmetics or rare items sometimes.

    Reply

    • Deceased

      December 10, 2015 at 10:26

      heeeey man, I hear you have them good shitz ;}

      Reply

    • HairyEwok

      December 10, 2015 at 11:39

      Well since they also introduced the option to permanently delete games from your steam library I would say it’s quite important to have steam guard now. Just think, they can steal your items and delete your games now. Double whammy.

      Reply

  2. Ottokie

    December 10, 2015 at 09:25

    Mine is also secured with the mobile authenticator, worked well for my WoW account the last 7 years, so did not even hesitate when steam brought it out.

    Reply

    • Ir0nseraph

      December 10, 2015 at 09:28

      Sony needs this , 2 factor auth is a necessity.

      Reply

    • HairyEwok

      December 10, 2015 at 11:41

      Yeah, Blizzard account was hacked twice by some fool who auctioned off my Diablo 3 items. Since I got the authenticator life has been good to me on the Blizzard side.

      Reply

  3. Hammersteyn

    December 10, 2015 at 09:27

  4. bowlingotter

    December 10, 2015 at 09:39

    I’ve been learning to use two-step authentication on pretty much any service that supports it. So glad that Steam has it as well.

    Reply

  5. Captain JJ 4x

    December 10, 2015 at 09:43

    That mobile secure authentication works well.

    Reply

    • Aries

      December 10, 2015 at 10:06

      It doesnt, if that code doesnt come through, you wont be getting it in your steam account anytime soon

      Reply

      • Captain JJ 4x

        December 10, 2015 at 10:12

        Eish. Also true.

        Reply

        • Aries

          December 10, 2015 at 10:13

          Happened on Sunday and Tuesday, so just turned it off for now

          Reply

  6. Captain JJ 4x

    December 10, 2015 at 09:44

    What happens if you change numbers and you don’t change it on your Steam mobile authenticator?

    Reply

    • The Grand Admiral Chief

      December 10, 2015 at 09:45

      Then you divide by 0

      Reply

      • Captain JJ 4x

        December 10, 2015 at 09:46

        You’re not helping! 😛

        Reply

        • The Grand Admiral Chief

          December 10, 2015 at 09:47

          THE UNIVERSE IMPLODES! DO NOT CHANGE YOUR NUMBER!

          Reply

          • Captain JJ 4x

            December 10, 2015 at 09:48

            Sometimes you don’t have a choice. Damn it!

          • The Grand Admiral Chief

            December 10, 2015 at 09:48

            Send me your login details, I’ll check for you

          • Captain JJ 4x

            December 10, 2015 at 09:49

            Okay sure it’s:

            NO!

          • The Grand Admiral Chief

            December 10, 2015 at 09:58

            Come now, I’m still keeping TWO big secrets that you shared, surely a Steam login is worth it

          • Captain JJ 4x

            December 10, 2015 at 10:00

            Hmmm.
            Still no.
            I like to keep the bits of happiness that I have 🙂

          • The Grand Admiral Chief

            December 10, 2015 at 10:03

            Suit yourself Lenny

          • HairyEwok

            December 10, 2015 at 11:43

            He doesn’t want you to see all his hentai JRPG games in his steam library.

          • The Grand Admiral Chief

            December 10, 2015 at 11:48

            Neither do I want to see it

      • Ir0nseraph

        December 10, 2015 at 09:52

        XD

        Reply

  7. Alien Emperor Trevor

    December 10, 2015 at 09:48

    77,000 – wonder if Rants & Vamps are safe.

    Reply

    • The Grand Admiral Chief

      December 10, 2015 at 09:48

      AND Tosh

      Reply

      • Hammersteyn

        December 10, 2015 at 09:52

        I bet I can guess Rant’s password

        Reply

        • Captain JJ 4x

          December 10, 2015 at 09:53

          dierandomorg?

          Reply

        • The Grand Admiral Chief

          December 10, 2015 at 09:58

          IMNOTSTARDUST777?

          Reply

          • Hammersteyn

            December 10, 2015 at 10:00

            LOL

      • miaau

        December 10, 2015 at 13:30

        and Kosh?

        Reply

  8. Aries

    December 10, 2015 at 10:05

    That mobile app is crap, sometimes that code they send to verify doesnt come through and it gives me more hassle than I like

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

Tormented Souls Back on for PS4 and Xbox One

Well, it would seem that fans are being listened to, after all. Who would’ve thunk? Back i…