Steam Logo - Social

Trade delay implemented as problem of account hijacking grows.

Steam accounts have long been a target of thieves, and the issue is only getting worse as the service continues to grow, now affecting as many as 77,000 accounts monthly. A new post from Valve addressing the problem has provided some insight into how pervasive account theft is and new steps the company is taking to protect users.

As new features have been introduced to Steam, most notably Steam Trading which allows transfer of digital goods between users in a barter system, user accounts have only become more attractive for hackers and phishers. With the addition of Steam Trading Cards, now practically every active Steam account now has some worth to a thief and is a potential target.

Valve states that the company initially assumed most compromised users had their accounts stolen due to being new and unfamiliar with the service or otherwise technically unsophisticated. That view has changed in the face of the new economic reality where any account can be worth something, and Valve claims that hackers have become indiscriminate about who they target.

Steam has long offered a measure to protect accounts in the form of the Steam Guard Mobile Authenticator (a feature of the Steam smartphone app that requires a second approval for account logins on unfamiliar devices), but Valve reports that a majority of users haven’t enabled the feature. The company has historically restored items lost to theft with duplicates, but doing so can significantly impact the value of rare items in the marketplace, making it a less than ideal option.

While Valve has considered simply removing the trading feature, as it accounts for a minority of digital item exchanges compared to the Steam Marketplace (where Valve also gets to take a cut of every transaction), they have instead opted to implement a delay on trades that represent a potential risk.

Going forward, items in a trade will be held by Valve for up to 3 days before being released to their new owner, allowing time for a compromised account holder to discover and cancel the in-progress trade. If the two users have a history of being friends on the service (a minimum of one year), that delay will be reduced to 1 day. Users can eliminate this delay entirely by activating the Steam Guard Mobile Authenticator and turning on trade confirmations, which will lift the restriction after 7 days.

If you have Steam and you have a smartphone, there are very few good reasons not to enable Steam Guard on your account (and I only say that because I’m sure someone out there can think of one or two). Keep your stuff safe, people.

Source: Valve

You may also like