77,000 Steam accounts are highjacked every month
Get the Steam two-factor authentication app, or put up with trading holds. No excuses.
"Essentially all Steam accounts are now targets. It's a losing battle to protect your items against someone who steals them for a living."
Steam has introduced a couple of new security measures on trading. Unless you have the two-factor authentication app activated on a second device, and have had it for seven days, you'll have to wait three days for any goods you've traded away to be delivered. If you're trading with a friend of one year or more, you'll only have to wait one day.
Why? Well, Valve's theory is that this measure will slow down hackers trading away items from compromised accounts. In order to make money from illicitly obtained accounts, hackers need to get the goods out before the legitimate owner can report the hack and have the account frozen, you see.
Valve could just insist on two-factor authentication, but there are plenty of users who just can't use the app for whatever reason. These users will have to swallow some inconvenience, but with any luck, the value prospect of hacking an individual Steam account will go way, way down as a result of these holds.
In a fascinating news post on Steam, Valve dives deep into its thinking. It touches on how simply replacing lost goods can affect the economy and fails to deter hackers, why it can't use a generic authentication app, and most frighteningly, discusses the scope of the Steam hacking scene.
"Enough money now moves around the system that stealing virtual Steam goods has become a real business for skilled hackers," Valve wrote.
"Practically every active Steam account is now involved in the economy, via items or trading cards, with enough value to be worth a hacker's time. Essentially all Steam accounts are now targets."
Steam hacking has become "commonplace", Valve said, and even smart users with good security are being caught.
"What used to be a handful of hackers is now a highly effective, organized network, in the business of stealing and selling items. It would be easier for them to go after the users who don't understand how to stay secure online, but the prevalence of items make it worthwhile to target everyone," Valve said.
"We see around 77,000 accounts hijacked and pillaged each month. Hackers can wait months for a payoff, all the while relentlessly attempting to gain access. It's a losing battle to protect your items against someone who steals them for a living.
"We can help users who've been hacked by restoring their accounts and items, but that doesn't deter the business of hacking accounts. It's only getting worse."
Get the two-factor authentication app.