According to the latest blog post from Valve, there are 77,000 Steam accounts hacked each month. But, this is something the company has been facing from day one.
The blog post revealed how badly Valve has failed to protect its customers. Especially, from the time they started Steam trading four years back. There has been a 2000 percent increase in the instances of hacking since the launch of trading on the accounts.
“Having your account stolen, and your items traded away, is a terrible experience, and we hated that it was becoming more common for our customers,” Valve said.
Valve’s solution is not ideal.
The solution so far provided by the company to the consumers is a duplication of the lost items, which is far from an ideal solution because most of the stolen items are of a rare variety and is a loss to the company devalues the item itself.
“We were fully aware of the tradeoff here. Duplicating the stolen items devalues all the other equivalent items in the economy,” Valve said. “This might be fairly minor for common items, but for rare items, this had the potential to significantly increase the number in existence.”
Valve have now started work on its security by fixing the loopholes in the system and also by making the accounts secure through two-factor authentication for all the accounts and a self-locking system. Furthermore, they have improved the system of alerting the users when their account is at significant risk.
Users to be blamed
But, despite these measures from the company user’s account are still hacked for users are to be blamed because they are not using the new security features and allowing a hacker to hack their accounts.
“At this time, most people have not protected their account with this increased level of security,” Valve said. “Many don’t believe that they are actually a worthwhile target for a hacker who’s out to make money. Some felt they were smart enough about security to not need two-factor authorization. And other users knew they needed it, but couldn’t use it due to reasons beyond their control, like not having access to a mobile phone.”
Removal of trading not a good idea
Valve is also considering complete removal of trading on the accounts, but this would not do good to the users as trading things allow users to share their things with their friends when they are in need and also exchange things they don’t have in their inventory.
“Another easy choice would have been to require two-factor authentication for trading, but that’s bad for the same reasons as removing it entirely,” it said. “It’s important that you can give a friend a TF2
the weapon when he comes to try out the game or give a friend the last trading card she needs to craft a game badge.”
Three major changes
Now Valve has introduced three major changes for making trading on stream secure:
1- If anyone loses any items while trading he must had Steam Guard Mobile Authenticator enabled and should have trade confirmations turned on for at least 7 days. If not, steam will hold up the items for 3 days before delivery.
2- If trading is done with people the user had been friends with for at least 1 year, steam will hold up the item 1 day before delivery.
3- Accounts which have Mobile Authenticator enabled for at least 7 days will be allowed to trade through new devices because they are protected through mobile Authenticator
Though, Valve accepts that these measures are not perfect, but they can certainly put significant breaks on the hacking of the steam account.
“Anytime we put security steps in between user actions and their desired results, we’re making it more difficult to use our products,” Valve said. “Unfortunately, this is one of those times where we feel like we’re forced to insert a step or shut it all down. Asking users to enter a password to log into their account isn’t something we spend much time thinking about today, but it’s much the same principle–a security cost we pay to ensure the system is able to function. We’ve done our best to make the cost as small as possible, for as few people as possible while still retaining its effectiveness,” according to the blog post.
Other Gaming Accounts Under Attack:
Steam users are not the only victims of data theft. In the past, Grand Theft Auto (GTA) players also had their gaming accounts stolen.
How to protect your gaming accounts:
If the vulnerability is not from the developers themselves the users are advised not to download pirated versions of these games and avoid using modifications (MODS). Earlier this year, “Grand Theft Auto V” users who installed mods on their devices had their accounts stolen due to an embedded malware.
Currently, the video game Fallout 4 has its pirated copies embedded with a malware. A Reddit user complained that after installing the Fallout 4 pirated version he lost 4.88 bitcoins (nearly 2000 USD) from his computer.