Valve On Steam Security And Trading

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Valve announced today that it is making some changes to Steam security and its trading policy that, in the end, should make it more difficult for scammers to steal and sell your items.

What used to be a handful of hackers is now a highly effective, organized network, in the business of stealing and selling items. It would be easier for them to go after the users who don't understand how to stay secure online, but the prevalence of items make it worthwhile to target everyone. We see around 77,000 accounts hijacked and pillaged each month. These are not new or naïve users; these are professional CS:GO players, reddit contributors, item traders, etc. Users can be targeted randomly as part of a larger group or even individually. Hackers can wait months for a payoff, all the while relentlessly attempting to gain access. It's a losing battle to protect your items against someone who steals them for a living.
 
I'm sorry but these people ARE naive. If you have 2 step authentication on your gmail account AND you have 2 step authentication on your steam account, it's basically impossible for your account to get hacked.

Even if you don't want the hassle of 2 step authentication on your gmail but you at least have a strong password (12+ characters, you shouldn't give a fuck about letters and numbers and symbols), you can't get your steam account hacked so long as you have 2 step verification turned on and someone hasn't hacked your email. If someone knows how to hack a gmail account when said account has a very long password, that person has got to have more lucrative things to do with their time than steal steam trading cards.
 
How exactly are accounts being hacked? Not much detail in the memo. 70,000 a month sounds like a staggering number.
 
rotarymotor said:
I wouldn't doubt through social engineering and phishing.
Click to expand...

Possibly for some. Social engineering requires significant manual effort though and you won't get the kind of rates they're talking about. The only way to get such high penetration rates means you have a proven, highly effective AUTOMATED way of doing it. Which leads me to believe that there might have been big security gaps in the Steam authentication mechanism that allowed people to brute force authentication credentials.
 
mastaBlasta said:
How exactly are accounts being hacked? Not much detail in the memo. 70,000 a month sounds like a staggering number.
Click to expand...

You expecting a step by step in a memo about something they're trying to stop?
 
Ohhhhhhh!!! Professional gamers and Reddit contributors... Well then, the MUST be secure.... :rolleyes:
 
If these people are getting their items socially engineered away from them, the security isn't going to help much since the user hands their information over in this scenario.

If the accounts are somehow being brute force hacked in some way, then maybe.
 
There is malware that can trade items from your steam account, without needing your password, without needing your email, without needing any interaction from you to do the trade, or any of that. It's not all people being stupid with their information.
 
staknhalo said:
There is malware that can trade items from your steam account, without needing your password, without needing your email, without needing any interaction from you to do the trade, or any of that. It's not all people being stupid with their information.
Click to expand...

Presumably that malware would work by the user already being signed in to Stream and then it takes control of the PC at like 4AM?
 
staknhalo said:
There is malware that can trade items from your steam account, without needing your password, without needing your email, without needing any interaction from you to do the trade, or any of that. It's not all people being stupid with their information.
Click to expand...

Oh, I wasn't suggesting that it was all people's own stupidity. That's just the angle that bothers me the most. I have more sympathy in the cases where there was nothing the user could really do about it. And really, any instance of this sucks. I'm not blaming the victim, but I do have less sympathy if the victim did something stupid.

Luckily (I guess...) I never have more than $1.79 in my Steam wallet at any given time, because I sell all my crap for $0.11 a pop as it comes in. :D
 
Ocellaris said:
Presumably that malware would work by the user already being signed in to Stream and then it takes control of the PC at like 4AM?
Click to expand...

No, there's a small file in your Steam install files that can be uploaded to the attackers computers (takes less than a second to upload) and using that they can trade items out of your account without any interaction from you/your end, or needing your passwords, etc.
 
J3RK said:
Ha! My brother has his own Steam account. I don't even give my credentials to my own kids. We have five Steam accounts in my house. :D
Click to expand...

That was actually just a running joke from the csgo subreddit from a crappy scammer
 
staknhalo said:
There is malware that can trade items from your steam account, without needing your password, without needing your email, without needing any interaction from you to do the trade, or any of that. It's not all people being stupid with their information.
Click to expand...

I need the Steam malware that will play my games backlog!
 
mastaBlasta said:
How exactly are accounts being hacked? Not much detail in the memo. 70,000 a month sounds like a staggering number.
Click to expand...

Stupid kids sharing their account info with other stupid kids who share it with more stupid kids until one of them decides to basically raid it for some quick cash.

The number of accounts that legitimately get hacked is staggeringly low. Two factor alone would prevent most of these cases.

The rest of the cases would be where someone does something they're not supposed to do and they know it: Install cheats/aimbots/hacks that mine account details.
 
You must log in or register to reply here.
Back
Top