Hackers are stealing CS:GO skins via an Apple iCloud hack
Close Menu

Hit enter to search or ESC to close

CS:GO skin collectors have recently discovered that Steam’s multi-factor authentication (MFA) isn’t enough to protect their accounts from skin thieves. Thanks to a hack found in Apple’s iCloud storage service, skins thieves are cleaning out CS:GO players’ virtual closets.

According to win.gg, pro CS:GO player Paytyn “Junior” Johnson woke up on November 28 to find most of his inventory gone. The hackers were able to bypass Steam’s MFA app, Steam Guard, to get access to Junior’s skins due to a backup option available on iPhones.

How the CS:GO skin hack works

Many iPhone owners use the iCloud storage option to store photos, contacts, email attachments, etc. It’s also possible to keep complete iPhone backups on the cloud as well, which includes apps and settings. If a CS:GO player backs up their iPhone settings to the cloud, this will include both the Steam and Steam Guard apps. Backing up Steam and Steam Guard also backs up usernames and passwords.

All the hacker has to do, then, is break into iCloud storage, copy the data, and break into the hapless user’s Steam account. Even if the iPhone owner has MFA enabled, the hacker can simply use one of the many MFA desktop apps available to gain access.

From there, it’s a simple matter of transferring the skins to another account.

Junior did not lose access to his account, but he did immediately change his password and MFA options. So far, he has not been able to get his skins back, and Valve hasn’t publicly commented on the matter. However, in the past when similar hacks occurred, Valve restored the player’s skins.

Tips to prevent iPhone Steam hacks

Even though these hackers were able to bypass Steam’s MFA app, it’s still highly recommended to enable multi-factor authentication for Steam, and, well, any other logins you want to protect. Instead of using iCloud storage for your apps and phone settings, back your phone up on to a local device, such as your PC.