Gamers have long come to terms with the problem of hacking and account theft in gaming. For the last several years, Sony has had major problems with keeping hackers out of their yard; Xbox users have had accounts stolen and sold and unable to be recovered; and PC gamers have had the misfortune of having their accounts and virtual goods–worth thousands of dollars in some cases–stolen and pilfered to no end. Now Valve has opened up about the problems Steam has faced, and what they’re trying to do to combat hackers, via a Steam blog post.
If you don’t know much about Steam, it’s a service that both sells games digitally and connects gamers in a network for multiplayer games, stat sharing, messaging and more. And not long ago they introduced Steam Trading, the ability to trade virtual goods through the service. Between this, account stats and games owned, users can lose everything all at once in a matter of seconds if they’re target.
According to the blog post, the problem has increased twenty fold since Trading was introduced. The economy of trading works similarly to supply and demand: if the item is more rare, it costs more; if it’s common, it costs lost. To steal an account with a rare virtual good would be akin to steal a vault with a huge diamond inside. Sure, the item is digital, but it’s just as desirable as any real good to the gamers who earn and trade them.
When an item is stolen and traded and traded and traded until it reaches an innocent buyer, Steam doesn’t just take it away. Instead, they duplicate the item so that the innocent buyer and the original victim both have a copy of it. But this upsets the rarity of the items involved, and can negatively impact the victim even after getting their item back.
Steam admitted the problem has only grown over the years. They said:
We see around 77,000 accounts hijacked and pillaged each month. These are not new or naïve users; these are professional CS:GO players, reddit contributors, item traders, etc. Users can be targeted randomly as part of a larger group or even individually. Hackers can wait months for a payoff, all the while relentlessly attempting to gain access. It’s a losing battle to protect your items against someone who steals them for a living.
And the problem is only getting worse.
In response, they’ve worked on improving account security features, closed loopholes, and changed communication about security measures. The two-factor authorization measure–requiring users to use a separate device to confirm identities–is currently one of their best defenses against hacking, since hackers have less access to personal devices like your smartphone, whereas the PC is easier to get around. But this step hasn’t become mandatory, and still leaves the users who haven’t put the measure into the play vulnerable to attack.
Steam has also delayed the ability to trade purchased goods, forcing users and thieves to wait a week to be able to move items. They’ve also considered removing trading altogether, but decided against it. They’ve considered using the two-factor authentication for trading, but also decided against it. In the end, they decided to implement the following three changes:
Anyone losing items in a trade will need to have a Steam Guard Mobile Authenticator enabled on their account for at least 7 days and have trade confirmations turned on. Otherwise, items will be held by Steam for up to 3 days before delivery.
If you’ve been friends for at least 1 year, items will be held by Steam for up to 1 day before delivery.
Accounts with a Mobile Authenticator enabled for at least 7 days are no longer restricted from trading or using the Market when using a new device since trades on the new device will be protected by the Mobile Authenticator.
Have you ever been hacked? Let us know in the comments below, along with whether you think Steam’s new measures are a step in the right direction.
Source: Steam