The rise of Steam’s digital distribution store is almost indescribable and way beyond Valve’s most optimistic expectations. Some users have even argued Valve saved PC gaming from the depths of despair and made it a popular platform. However, I’m not entirely convinced by this argument and believe the PC would have a strong foothold in the market with or without Valve’s assistance. On the other hand, Valve have done wonders for the PC gaming market and while Steam is far from perfect, it’s a wonderful invention which keeps your entirely game library in one client. A byproduct of this success, is the amount of cyber criminals targeting user accounts. More specifically, Valve’s introduction of the community market with tradable items makes Steam accounts a valuable proposition.
In a blog post, Valve addressed the security concerns and outlined their plans to tackle stolen community items:
“Account theft has been around since Steam began, but with the introduction of Steam Trading, the problem has increased twenty-fold as the number one complaint from our users. Having your account stolen, and your items traded away, is a terrible experience, and we hated that it was becoming more common for our customers.”
“Once an account was compromised, the items would be quickly cleaned out. They’d then be traded again and again, eventually being sold to an innocent user. Looking at their account activity, it wasn’t too hard to figure out what happened, but undoing it was harder because we don’t want to take things away from innocent users. We decided to err on the side of protecting them: we left the stolen goods, and we created duplicates on the original compromised account to replace them. We were fully aware of the tradeoff here. Duplicating the stolen items devalues all the other equivalent items in the economy. This might be fairly minor for common items, but for rare items this had the potential to significantly increase the number in existence.”
“First, enough money now moves around the system that stealing virtual Steam goods has become a real business for skilled hackers. Second, practically every active Steam account is now involved in the economy, via items or trading cards, with enough value to be worth a hacker’s time. Essentially all Steam accounts are now targets.”
“What used to be a handful of hackers is now a highly effective, organized network, in the business of stealing and selling items. It would be easier for them to go after the users who don’t understand how to stay secure online, but the prevalence of items make it worthwhile to target everyone. We see around 77,000 accounts hijacked and pillaged each month. These are not new or naïve users; these are professional CS:GO players, reddit contributors, item traders, etc.”
This is clearly becoming a massive problem for Valve, and it’s quite difficult to trace the individuals in question. The emergence of two-factor authentication should help matters but this relies on the end-user setting up enhanced security. Perhaps in time, Valve will enforce this measure and make it mandatory. Although, some users might feel this is a little too heavy-handed.