This is a follow-up to my previous article about How Steam Key Reselling Killing the Little Guys.  I posted that Article on Monday, March 7th and it should be no surprise to anyone that thieves and scammers are predictably vindictive.  Here’s a look at our Cloudflare Threat Management from Monday March 7th into Tuesday March 8th:

march7th threats

Does anything stick out to anyone?

Remember in that first post how I mentioned IndieGameStand had $30,759.42 in fraudulent credit card charges and transactions. Well since our post, we’ve been hit with another $7,101.72 fraudulent charges in the last two weeks.  90% of these came within a week of Tuesday, March 8th.  This was somewhat expected since thieves are children and tend to lash out when you try to tell them they are wrong, so I was prepared wasted time while everyone else was at GDC voiding orders and reporting suspicious activities to our credit card processors.  While I do think they wrestled a couple of steam keys away from us, they certainly did not get $7k worth. I’m very happy with the traction that my first article got and appreciate all the tweets and support that we got. TinyBuild was nice enough to tweet this out on March 8th:

Guess which games were pirated / falsely purchased the most in the last few weeks? TinyBuild was almost exclusively targeted on our site in the past few weeks (sorry guys).  TinyBuild actually wrote their own article about Steam Key piracy and how their game Punch Club has sold 330k copies and been pirated over 1 million times.  This all really really sucks for indie developers and indie sites.  Luckily, our article spurred some excellent talks with indie developers and other industry folks and inspired me to create a tool for our developers to easily track (and CANCEL) their stolen steam keys.


All our developers can now visit to check which steam keys were stolen and report them back to Steam for deactivation.  I hope developers that have been taken advantage of or hit hard by this problem will take the time to cancel these keys so that people learn to avoid reselling markets.  Right now our Stolen Keys listing is still a little conservative meaning that it only displays keys that we are 100% sure were stolen and related to a voided fraudulent order, but we will continue to improve it’s features for developers. I will also be emailing G2A a complete list of all the keys that should be deactivated on their marketplace.  I will update this article or let you know if I hear anything from them or any other reseller market.