Technology content trusted in North America and globally since 1999
8,525 Reviews & Articles | 65,915 News Posts

77,000 Steam accounts hacked every month, says Valve

Hackers are now targeting Steam accounts for digital trading cards, and Valve counters with a new security system

By: Derek Strickland from Dec 10, 2015 @ 17:41 CST

Steam trading is an extremely lucrative business for hackers. If you know what you're doing, you can make a pretty penny off peddling digital Team Fortress 2 or CS:GO gear across Steam. In an effort to thwart hackers, the digital distribution giant has introduced a new security system that changes Steam trading altogether.


Steam is inundated with scammers. Valve notes that some 77,000 accounts become compromised every month. The promise of ill-gotten gains attracts hackers and digital miscreants the same way that the gold rush pulled in thousands of greedy miners. In a recent blog post, Valve announced a controversial new measure that will slow down the trading system in an attempt to improve security.

The measure is called "Steam trade hold system", also known as trading escrows, which sees Valve act as a middleman between each individual trade. With the new system, digital items are no longer instantly transferred when a trade is complete, but instead are verified through Valve. Users can get around the waiting period by using the Steam Guard mobile app, which instantly verifies identities via two-step authentication.

Valve explained the new system in the following FAQ section:

Why are trade holds necessary?

"Trade holds protect your items. Because Steam accounts are valuable, especially if they have items worth stealing. If you haven't protected your account with a physical device (using the Steam Guard Mobile Authenticator), a trade hold will give you time to discover your account has been compromised and to prevent items from leaving your account."

How does it work?

"If a user trading away items hasn't had their account protected by a Mobile Authenticator for the past 7 days or has turned off trade confirmations, item delivery will be delayed by Steam for up to 3 days (1 day if you've been friends for at least a year.) This provides the user time to cancel the trade and any other that are pending."

"Cancelling trades that are pending or in a trade hold will begin a trading cooldown on your account to prevent any further unauthorized attempts to trade away items."


Even with the new security measures, hackers are still tricking users into fake trades and wiping out valuable accounts. Malwarebytes warns users of a fake CSGO Shuffle site that injects malware into systems and eventually hijacks accounts. If you're a veteran Steam items trader, you already know to double check all domains and steer clear of any suspicious .exe files, but a little reinforcement can't hurt.

Valve seems to understand the implications of the new system, but something needs to be done about the dearth of scammers and hackers. The company explained their move in the following closing argument.

"Once again, we're fully aware that this is a tradeoff with the potential for a large impact on trading. Any time we put security steps in between user actions and their desired results, we're making it more difficult to use our products. Unfortunately, this is one of those times where we feel like we're forced to insert a step or shut it all down. Asking users to enter a password to log into their account isn't something we spend much time thinking about today, but it's much the same principle - a security cost we pay to ensure the system is able to function. We've done our best to make the cost as small as possible, for as few people as possible, while still retaining its effectiveness."