77,000 Accounts Hijacked Monthly
In recent years, we have witnessed a revolution in the Steam market: it is more and more difficult to buy and sell items, especially in Dota 2, where almost all dropped items aren’t tradable. Valve has finally decided to explain the reasoning behind its actions.
When an account is compromised, the items are quickly traded between different accounts and finally sold to third parties, often innocent people who never suspect they are buying unlawful items. It is easy to follow the various trades and activities, but is it legit to delete these items from their new owners? Since the end recipient is so often unaware of this situation, Valve decided not to use extreme measures and simply duplicated the lost items for the original owner, a solution with negative repercussions. In this way, they protect every victim of the incident, but in duplicating the items, they also tend to ruin their value on the market, especially for rare ones.
Hijacked accounts continue to increase despite all protection measures implemented by Valve. Initially, it was easier to take control and pillage someone else’s inventory due to the large number of new players who were not used to scammers. To share a link with a malware or even directly ask for someone’s password was a common practice. Everyone probably remembers the “Hello Sir, I’m your brother, pls click this link” scam attempts that got posted countless times on Reddit. Over time, the community became more aware of the situation so fewer people fell into these traps.
Truly the situation is very different: more and more people lose their inventories every year, and now 77,000 accounts are hijacked monthly! The number of hackers has increased, especially because the high value of many Steam portfolios makes it possible for hackers to make a living with this “work”. It isn’t possible to protect your account just by using a safe password and avoiding scammers. If a professional hacker wants your account, there will be no possibility to defend it. Even pro players can suffer from hackers.
Valve studied the situation and found two possible solutions: eliminate any form of trading or implement a two-factor authentication. The former can solve the problem, but it will completely limit our freedom and also cause an huge loss of revenue for Valve, which takes a cut on each item traded on the marketplace. The latter will effectively increase security without limiting our trading capability, but it will also restrict those people that, for any reason, can’t access a mobile phone.
The two-form authentication is safer because you need a second device to confirm your identity. If a PC is hijacked, confirming a trade is a very easy task for hackers, because they can also easily open your emails. However, it is much harder, if not practically impossible, for them to gain access to your mobile phone at the same time. According to Valve, this new system will exponentially increase the security, making your Steam account almost untouchable.
There is only a single problem left: how to defend people that can’t enable it? Valve has already taken action, and the following precautions are already active on all accounts:
- Anyone losing items in a trade will need to have a Steam Guard Mobile Authenticator enabled on their account for at least 7 days and have trade confirmations turned on. Otherwise, items will be held by Steam for up to 3 days before delivery.
- If you've been friends for at least 1 year, items will be held by Steam for up to 1 day before delivery.
- Accounts with a Mobile Authenticator enabled for at least 7 days are no longer restricted from trading or using the Market when using a new device since trades on the new device will be protected by the Mobile Authenticator.
The Mobile Authentication could be considered boring and maybe also an extreme act from those who never suffered from a scam, but in today's reality, our personal computers aren’t safe as they were in the past, and our “pixels” are real exchange goods with a material value.
Skulz 12 December 2015, 17:52 2629 0