Two high-profile players have had their CS:GO inventory hacked despite securing their accounts with two-factor authentication. These cases have once again brought to attention the security loopholes in Apple’s iOS platform and vulnerabilities in the Steam API.
CS:GO Pros Report Missing Skins Due to Steam API Flaw
Paytyn “Junior” Johnson. Image Credit: Triumph via Liquipedia.net.
On November 28, Triumph’s CS:GO player, Paytyn “Junior” Johnson reported several missing cosmetic skins despite not having authorized the trades on his mobile. The hackers were able to access his Steam account as well as Steam Guard (although not on the user’s mobile). Paytyn Johnson is the primary AWPer for Triumph, a North American esports organization.
I wake up getting spammed notifications my steams been hacked, I was able to logon and deauthorize the account and changed every password I have, in a span of 5 minutes of me changing everything somehow all of my skins (around 20k) got sent through to another account without 1/2
— Paytyn (@1juniorcs) November 27, 2020
]
Millions of iOS users use Apple’s service to backup their contacts, photos as well as apps. While backing up the Steam App on iCloud, users inadvertently end up saving their app login details and in this case, their Steam 2FA as well. Ironically, the entire purpose of iCloud backup is to safeguard your credentials and data.
Team XSET and former Dignitas CS:GO player, Julia “juliano” Kiran also reported facing the same issue.
This happened to me aswell last weekend.. read about API key and remove yours if you have, and change ur password / reset ur steam guard authenticator and enable family view on steam.
— XSET juliano (@juliakiran) November 27, 2020
]
Hackers can hack into your iCloud storage to access the Steam account. In this case, they chose to receive Steam 2FA codes on their desktop, allowing them access to Junior’s Steam inventory.
How to Secure your Steam Account?
CS:GO users should always secure their Steam accounts to prevent unwanted usage and access to their cosmetics. Here are a few simple steps to ensure the safety of your Steam inventory.
- Enable 2FA and save Steam Backup Codes in a safe place.
- Never tell your password to anyone, including those pretending to be Valve employees.
Here are the methods to ensure iOS Steam users are safe from the recently discovered vulnerability.
How to Choose which apps to back up on your iPhone, iPad, or iPod touch
- Go to Settings > [your name] > iCloud.
- Tap Manage Storage > Backups.
- Tap the name of the device that you’re using.
- Under Choose Data to Back Up, turn off any apps that you don’t want to back up.
- Choose Turn Off & Delete.
Steam Family Sharing
Steam Family Sharing requires users to enter a four-digit pin to access most of Steam’s features.
Steam users should also enable Steam Family Sharing to ensure additional security. The Steam Family Sharing requires users to enter an additional four-digit code in order to access most of the features in Steam.
Steam users can manage which games and features will be accessible in the Steam Family View.
For now, enabling Steam Family Sharing is one of two ways to ensure foolproof security in iOS (the other being disabling Steam backup on iOS).
Stay tuned to Unikrn for the latest esports news and updates. Put your esports knowledge to the test and take advantage of our Bet and Get offer today!
- Coinsmart. Europe’s Best Bitcoin and Crypto Exchange.
- Platoblockchain. Web3 Metaverse Intelligence. Knowledge Amplified. FREE ACCESS.
- CryptoHawk. Altcoin Radar. Free Trial.
- Source: https://news.unikrn.com/article/hackers-csgo-skins-ios-steam-api-exploits-cosmetics-valve-n_rs?utm_source=rss&utm_medium=rss&utm_campaign=news
- "
- 28
- 2FA
- a
- About
- access
- accessible
- Account
- Ad
- Additional
- ADvantage
- All
- Allowing
- Although
- always
- American
- Another
- anyone
- api
- app
- apps
- around
- attention
- Authentication
- auto
- Backup
- backups
- being
- Betting
- cases
- change
- Choose
- code
- Credentials
- credit
- data
- desktop
- Despite
- details
- device
- discovered
- employees
- enable
- enabling
- Enter
- esports
- Esports Betting
- everything
- facing
- family
- Features
- from
- Games
- getting
- Global
- hack
- hacked
- hackers
- happened
- having
- here
- HTTPS
- image
- Including
- inventory
- iOS
- iPad
- iPhone
- issue
- Johnson
- Key
- knowledge
- latest
- manage
- methods
- Mobile
- most
- news
- North
- offer
- online
- order
- organization
- Other
- Password
- platform
- Play
- player
- players
- primary
- PROS
- purpose
- RE
- receive
- recently
- report
- requires
- safe
- Safety
- same
- saving
- secure
- security
- service
- several
- sharing
- Simple
- Steam
- storage
- test
- The
- Through
- trades
- Unikrn
- use
- users
- valve
- View
- Vulnerabilities
- vulnerability
- ways
- weekend
- while
- without
- Your