Valve tries to curb Steam account hijacking with ‘trade holds,’ two-factor …

11 Dec 2015 | Author: | No comments yet »

77,000 Steam accounts get hijacked every month, so Valve’s getting tough with traders.

Starting now, users will need to enable two-factor authentication if they want item trades to go through immediately. Valve’s Steam Trading platform has a hacker problem—approximately 77,000 accounts are hijacked and pillaged each month, the company revealed this week, prompting it to roll out new security measures. Otherwise, they’ll have to wait up to three days for transactions to clear. (If both parties to the trade have been friends for at least a year, they’ll only have to wait one day.) The idea is that users would have time to see and stop a trade in the event of a hack. And these aren’t just accounts belonging to new or naive users — they’re professional gamers, Reddit users, and item traders, according to a recent Steam blog post. But with the addition of in-game Steam Trading, the issue increased “twenty-fold,” and is now the No. 1 user complaint. “What used to be a handful of hackers is now a highly effective, organized network, in the business of stealing and selling items,” the company said.

Valve says that hacking is more widespread now that most users are involved in Steam’s virtual economy in some way, holding virtual items and trading cards that can be traded or sold (for Steam Wallet funds or even real money). Why this matters: As Valve noted in a Steam news post, item theft has become a big business, with roughly 77,000 accounts “hijacked and pillaged” every month. Rare collectible items in games like Counter Strike: Global Offensive can fetch thousands of dollars, motivating hackers to target as many people as they can, and then offload their haul to innocent buyers.

There has been a 2000 percent increase in the instances of hacking since the launch of trading on the accounts. “Having your account stolen, and your items traded away, is a terrible experience, and we hated that it was becoming more common for our customers,” Valve said. The solution so far provided by the company to the consumers is a duplication of the lost items, which is far from an ideal solution because most of the stolen items are of a rare variety and is a loss to the company devalues the item itself. “We were fully aware of the tradeoff here. Valve rolled it out, but “most people” have not enabled it. “Many don’t believe that they are actually a worthwhile target for a hacker who’s out to make money,” Valve said. “Some felt they were smart enough about security to not need two-factor authorization.

But not everyone has signed up to this Steam Guard Mobile Authenticator, so Valve has now introduced restrictions on item trading for anyone not using it. Apparently, this is the most lucrative aspect of the whole scenario and has proven to be the pivotal point around which this hacking racquet has formed itself. Rather than go with a generic solution based on SMS or a third-party app like Google Authenticator, Valve is baking two-factor authentication into its own Steam app.

The company seemed to be studying hacking patterns; what was restricted earlier to a few hackers only operating independently has now evolved into a huge network of cyber criminals that hack at will, but in a very organized manner. Of course, those users can still deal with the waiting period, but the counter-argument is that third-party trading sites like Opskins and betting sites like CSGOShuffle will be hindered, and that trading as a whole will diminish. (A related theory is that Valve is trying to clamp down on off-site trading and boost its own revenue.) Meanwhile, some hackers are already trying to turn the trade escrow news into an opportunity.

Valve realizes that this change will likely have a big impact on an item-trading community, which is used to the convenience of instant trades, but it says “this is one of those times where we feel like we’re forced to insert a step or shut it all down.” “Asking users to enter a password to log into their account isn’t something we spend much time thinking about today, but it’s much the same principle — a security cost we pay to ensure the system is able to function,” says Valve. “We’ve done our best to make the cost as small as possible, for as few people as possible, while still retaining its effectiveness.” The victimized also include some users who have been professional players, item traders and to strangely, Reddit Contributors have also borne the inconveniences of this problem. If the vulnerability is not from the developers themselves the users are advised not to download pirated versions of these games and avoid using modifications (MODS). A lot of users have been at the other end of the line too – they were convinced to buy these products and bought them without knowing that the transaction was not being made by the owner of the account. In order to make things more secure Valve had implemented a system where a user would be asked to verify his identity through a one-time password on his smartphone but users ignored this aspect and did not enable it.

Here you can write a commentary on the recording "Valve tries to curb Steam account hijacking with ‘trade holds,’ two-factor …".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site