Hacking Steam accounts isn’t a new phenomenon, it’s something that’s been going on since its inception. However, it’s now more common than ever before and “essentially all Steam accounts are now targets,” Valve stated in a blog post talking about security.
Valve pegs the number of Steam accounts that are hijacked and pillaged each month at 77,000 and points out they’re not new or inexperienced users.
“These are professional SC:GO players, Reddit contributors, item traders, etc. Users can be targeted randomly as part of a larger group or even individually,” Valve said, adding that hackers are more than willing to “wait months for a payoff, all the while relentlessly attempting to gain access.”
So what’s going on with the surge in hacker activity? It dates back to the introduction of Valve’s Steam Trading platform four years ago. Since then, account hacking has increased twenty-fold to become the top complaint among users, and it’s becoming more of a problem.
Valve says that enough money now moves around the system that stealing virtual Steam goods is a full fledged business for skilled hackers. And with nearly every account making up part of the economy with items or trading cards, hackers have found more than enough value to make pillaging worth their time.
“What used to be a handful of hackers is now a highly effective, organized network, in the business of stealing and selling items,” Valve said. “It would be easier for them to go after the users who don’t understand how to stay secure online, but the prevalence of items make it worthwhile to target everyone.”
Kudos to Valve for acknowledging the problem, but what is doing about it? According to Valve, it’s worked to beef up security by closing loopholes, improving how and when it messages users that their accounts are at risk, and added things like self-locking and two-factor authentication.
The problem for Valve is that not everyone is using the security tools at their disposal, and specifically two-factor authentication. Valve considered removing Steam’s trading feature, but rather than go that route, it’s going to push two-factor authentication hard.
Specifically, here are the changes Valve is rolling out:
- Anyone losing items in a trade will need to have a Steam Guard Mobile Authenticator enabled on their account for at least 7 days and have trade confirmations turned on. Otherwise, items will be held by Steam for up to 3 days before delivery.
- If you’ve been friends for at least 1 year, items will be held by Steam for up to 1 day before delivery.
- Accounts with a Mobile Authenticator enabled for at least 7 days are no longer restricted from trading or using the Market when using a new device since trades on the new device will be protected by the Mobile Authenticator.
Valve says user who haven’t enabled two-factor authentication can still trade, but they’ll have to wait up to 3 days for the trade to go through. It’s Valve’s hope that the waiting period will give Steam and users enough time to discover shenanigans and stop potential theft.