77,000 Steam users are hacked every month. Here’s how Valve is fixing it


One of the crucial parts of Steam — the computer gaming platform developed by Valve Software — is the economy of trading items. Steam allows for trading of items and collectibles that are often tied to real-money gains, which could potentially net users a tidy sum of cash for their hard work and dedication to playing a single game on Steam or participating in one of its annual events.

But in a blog post yesterday, the company says that trading has become a massive security problem. The rarity of items, combined with the lucrative aspects of the trading economy, means that hackers have been systematically targeting Steam users to pillage their items storage. It has caused a massive influx of Steam Account hacking issues, to the tune of 77,000 accounts monthly.

The company says “practically any active Steam account” is worth a hacker’s time:

The “I got hacked” story is told so frequently it’s become commonplace. And that makes it easy to forget its significance; compromised security of email accounts and PCs, Steam account violation, and theft. We used to hold the opinion that if you were smart about account security, you’d be protected–it’s easy to assume that users whose accounts were stolen were new or technically naïve users who must be sharing their passwords or clicking on suspicious links. That’s simply not the case.

Organized hacking networks found within Steam has meant that no one in the community is safe — especially those who haven’t turned on Steam’s two-factor authentication for mobile. In an effort to help those who can’t activate two-factor authentication, due to lack of mobile device or otherwise, the company has instituted new measures to help stem the skyrocketing number of hacks, which has increased twenty-fold as the primary complaint from Steam users.

Primarily, this means instituting trade holds. Valve outlined the logic trade holds, and exactly how they work:

  • Anyone losing items in a trade will need to have a Steam Guard Mobile Authenticator enabled on their account for at least 7 days and have trade confirmations turned on.
  • Otherwise, items will be held by Steam for up to 3 days before delivery. If you’ve been friends for at least 1 year, items will be held by Steam for up to 1 day before delivery.
  • Accounts with a Mobile Authenticator enabled for at least 7 days are no longer restricted from trading or using the Market when using a new device since trades on the new device will be protected by the Mobile Authenticator.

Valve acknowledges that it’s not a fool-proof method, and that it makes trading harder for the community at large. But at this rate, the company also doesn’t have much of a choice: the hacking is so prevalent that it poses a severe risk to the platform’s usership. And a platform without users isn’t much of a platform at all.

But the continued hacking of Steam does bring up an important point: even the most savvy, security-minded among us can be victims to a hack. There’s no guarantee.

Steam [via Gamespot]


Read next: Anonymous asks the Web for help in its faltering fight with ISIS