Apparently millions of dollars worth of CS:GO skins have been stolen over the past few years. Now even Steam Support is being accused of being involved
Since 2021, accounts on Steam have been “hacked” again and again and especially CS:GO skins worth several hundred thousand, probably even millions of euros, have been stolen.
Meanwhile, even Steam support employees are accused of being involved in the plot. What is behind the story, how is Steam reacting and what can you do to protect yourself from the hacks?
Millions stolen – with the help of support staff?
Apparently there have been attacks on Steam accounts with expensive CS:GO skins in their inventory since 2021. The Russian Youtuber Mzkshow tells the story in detail in a video. The video is in Russian, but with the help of the automatically generated subtitles, the most important points can still be understood.
In summary, the situation is as follows: There are hackers who hack into other people’s Steam accounts – preferably those that have been inactive for a while and have a lot of valuable skins on them.
Why inactive accounts? It has to do with the method the hackers are using.
Apparently there were accomplices among the Steam support staff. One name that keeps coming up is an employee named “Alexander”. Accomplices like Alexander apparently accessed the account details of the desired accounts and then sent them to the hackers.
Since support staff do not have access to Steam passwords, a diversion via password recovery was used. To do this, the hackers needed data such as past order numbers or the answers to security questions.
With the help of this data, the hackers were able to contact the official support and pretend that they were the owners of the accounts and had forgotten their password after the long period of inactivity. After the recovery, they only had to log in and transfer the items to their own accounts.
A concrete case is described by the user “quY” on Twitter:
Last year Qkss got community banned and lost millions of $ worth of skins, however, the reason why he got banned was never clear. Now, I can pretty much confirm that his account got steam support hacked by ‘alexander’. Why do I think so? I will explain further. https://t.co/CmBo3AttWA
– quY (@quyy112) February 20, 2023
You can watch the video of Mzkshow here:
How were the skins sold?
Many of the skins were sold through external skin trading sites. However, some of the most expensive ones were sold through respected members of the community like “Anomaly” or “zipeL” who had no idea they had been contacted by hackers.
OG Chinese player reached out to me to sell these for him. He had been AFK since 2016 🤯
FN Howl 0.03 IBUYPOWER (Holo) + Titan (Holo)
Titan Holo unappliedBoth being sold in a week. Offers in DM 🤠🤝 pic.twitter.com/VbEctrI0BF
– zipeL🇩🇰 (@zipelCS) August 4, 2021
How does Valve respond and what can you do to protect yourself?
Unfortunately, it is unclear what measures CS:GO and Steam publisher Valve can take to prevent attacks of this kind.
Mzkshow argues in the video that they need to stop outsourcing Steam support. Unfortunately, this will be next to impossible as there are around 1.5 billion Steam accounts worldwide that need to be managed. It remains to be seen whether Valve will react and, for example, adjust the account recovery procedures.
Most of you probably don’t have to protect yourself at all, because so far mainly accounts have been targeted whose value is in the six-digit range and which have been inactive for at least a hundred days.
However, if your accounts meet these criteria, it is recommended that you log in regularly to avoid being inactive. It also makes sense not to buy accounts, because firstly, this is not allowed by Steam anyway, and secondly, if you have bought accounts, you may not have all the data you need to restore the account.