Hackers are stealing CS:GO skins via an Apple iCloud hack
Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.
CS:GO skins hack
Category:
CS:GO

Hackers are stealing CS:GO skins via Apple’s iCloud Storage

Image of Keri Honea
Keri Honea
|

Published: Nov 30, 2020 11:52 am

This article is over 4 years old and may contain outdated information

CS:GO skin collectors have recently discovered that Steam’s multi-factor authentication (MFA) isn’t enough to protect their accounts from skin thieves. Thanks to a hack found in Apple’s iCloud storage service, skins thieves are cleaning out CS:GO players’ virtual closets.

Recommended Videos

According to win.gg, pro CS:GO player Paytyn “Junior” Johnson woke up on November 28 to find most of his inventory gone. The hackers were able to bypass Steam’s MFA app, Steam Guard, to get access to Junior’s skins due to a backup option available on iPhones.

How the CS:GO skin hack works

Many iPhone owners use the iCloud storage option to store photos, contacts, email attachments, etc. It’s also possible to keep complete iPhone backups on the cloud as well, which includes apps and settings. If a CS:GO player backs up their iPhone settings to the cloud, this will include both the Steam and Steam Guard apps. Backing up Steam and Steam Guard also backs up usernames and passwords.

All the hacker has to do, then, is break into iCloud storage, copy the data, and break into the hapless user’s Steam account. Even if the iPhone owner has MFA enabled, the hacker can simply use one of the many MFA desktop apps available to gain access.

From there, it’s a simple matter of transferring the skins to another account.

Junior did not lose access to his account, but he did immediately change his password and MFA options. So far, he has not been able to get his skins back, and Valve hasn’t publicly commented on the matter. However, in the past when similar hacks occurred, Valve restored the player’s skins.

Tips to prevent iPhone Steam hacks

Even though these hackers were able to bypass Steam’s MFA app, it’s still highly recommended to enable multi-factor authentication for Steam, and, well, any other logins you want to protect. Instead of using iCloud storage for your apps and phone settings, back your phone up on to a local device, such as your PC.

related content
Author
Image of Keri Honea
Keri Honea