Not Your Typical “I Got Hacked” Story, Except it Kind of is?

Windranger DOTA 2 Hero Guides

So it finally happened to me. My Steam account was hacked, and I lost everything. All of my beautiful immortals and paid content just "freely gifted" to 2-3 accounts. The entire paper trail is recorded, but what's the point if we don't have measures to either A) get a simple confirmation message about the trade details B) flag specific items so that they cannot ever be traded away or C) restore the account to the previous state as a failsafe to the lack of the first 2 points?

I know Steam engages in discussions around account security, and for a player like me, this new policy does more harm than good due to its implementation.

As per this update:

  • Trade hold duration will be increased to 15 days (for long-time Steam friends the duration will remain 1 day)
  • Listing on the Steam Community Market will have a hold of 15 days before an item can be sold
  • Steam Support will no longer restore items that have left accounts following a successful trade or market transaction (a process that previously created duplicates of original items)

I have a few points around this. Maybe there are measures for the following points, but if there are, I certainly haven't been able find any such things or been made of aware of them, so I'd like to expand on this discussion.

  1. How does the trade hold matter when I don't even know that there is a trade hold on my account?
  2. Why is trading mandatory in the sense that I can't gift myself the item, or permanently disable an item from ever being traded?
  3. If users with Steam Guard protection are still able to be hacked like this, how are you incentivizing its usage?

Whether I have a 1 day trade hold or a 15 day trade hold, how is that actively helping anyone if there is no notification in the game client? I can check the paper trail to see the trades went through on November 1st, but I didn't notice anything was wrong with my account until this week. I've checked through my email and had 0 notifications about a pending trade, or even a trade confirmation anywhere near that date. In the game client, I've played a fair bit of Dota since then, and yet again, not a single notification. Holding the trade and saying "ok, this should give you time to notice" is nowhere near effective if you are not providing the confirmation. Very similar to an Order Confirmation Page, it serves two purposes. 1) to give the user a chance to thoroughly review the transaction and 2) to flag the user that the order itself is happening.

Obviously certain Immortals and collectors items that I've worked really hard to get are things I'm never going to part with. Especially for my favorite heroes. I only occasionally play with a handful of friends, but don't really care about trading items at all. I understand other players care about trading for obvious reasons, but I really wish there were a way to say Hey. I don't care for trading. Especially this group of items. Is there a way to trigger a flag on an item, which cannot be undone, that permanently removes the ability to trade that item to get around "this item may be gifted once?"

Obviously, losing my stuff is not cool. I understand "it happens" (which, also obviously, should never happen to anyone) but there are certain things I wish we had, like the controls to say "I forfeit my ability to trade/gift this item forever so that I may enjoy it as part of my collection." Not everyone would use this, but that's kind of the point. No one solution is going to fix all of the trade abuse, scammers, and hackers. Instead, a piecemeal approach of a few small solutions for small subsets of users can chip away at the behemoth problem we're wresting with. This isn't just a problem for the developer, but the user as well, and any small scale resolutions can count toward the progress of addressing the larger problem.

Lastly, I do have Steam Guard. I remember recently getting the notification that the correct username and password was used, so I had changed my password in late October. I had even changed my Steam Guard multi factor to come directly through the Steam app on my phone instead of my email. (I had independently updated my email password a month prior for routine), so I'd say my account overall was pretty secure. Yet somehow, all of this still happened. And I am still getting notifications that the right username/password combination is being used, despite the fact that I am changing my password. I don't want to have to start over with a brand new account, but something does need to happen that positively addresses this issue.


leave a comment

Your email address will not be published. Required fields are marked *