Account theft is a common and longstanding problem for all kinds of online gaming services, as I can personally attest after losing all of my Diablo III loot to a hacker a few years ago. But Valve says the problem is reaching epidemic proportions on Steam, with "around 77,000 accounts hijacked and pillaged each month." Since the service launched item-trading features back in 2011, Valve says the problem of account theft "has increased twenty-fold as the number one complaint from our users... What used to be a handful of hackers is now a highly effective, organized network, in the business of stealing and selling items."
It's not hard to see why the problem is increasing. Items in games like Team Fortress 2 and Counter-Strike: GO can be worth a lot of real money on the secondary market, not to mention the inexplicably popular virtual trading cards floating around the Steam social network. As Valve puts it, "practically every active Steam account is now involved in the economy, via items or trading cards, with enough value to be worth a hacker's time. Essentially all Steam accounts are now targets." Goods transferred from stolen accounts can be relatively easy to unload on unsuspecting legitimate customers, too, making it hard to unwind the theft once it's detected.
Now, Valve is taking additional steps to decrease the value of these hacks when they happen. By default, traded items will now be "held" by Valve for "up to three days"—hopefully enough time to give users a chance to discover that their account has been compromised (and to prevent quick item transfer/liquidation by the hackers). Users that have two-factor authentication enabled will be exempt from this restriction, since their accounts are theoretically safe from most hacking attempts. Trades between users that have been friends for a year or more will only be held for "up to one day" even without two-factor, since that implies a real relationship between the traders.