Also good to pay attention to this, whether you think you've been targeted or not: https://help.steampowered.com/en/accountdata/SteamLoginHistory
Comment has been collapsed.
=͟͟͞͞( っ'Θ')╮ =͟͟͞͞🎂
Happy Cakeday♪
Comment has been collapsed.
Is this for successful login attempts or all attempts in general?
Comment has been collapsed.
Those logins on that list are the successful ones. You can check this Steam discussion for more details:
https://steamcommunity.com/discussions/forum/0/1850323802581655133/
Comment has been collapsed.
Thank you for the follow-up post, Gaffi.
Legend for Steam Login History OS Types (According to Reddit and Steam Forum):
- -1 is the website (via browser)
- 16 is Windows (Steam application)
- -88 is MacOS (we think)
- -400 is your mobile phone
- -192 is Linux where the major kernel version is 4 but the minor version is unknown
- -203 is Linux where the kernel version is unknown
- -700 is "other" (we think)
Comment has been collapsed.
-79 for my Mac
Not sure if it's version dependent, I'm currently on macOS 11.
EDIT: Yep, version dependent. Logged in on my other lappy with macOS 10.13 and it had -84
Comment has been collapsed.
For me Steam application (windows) is 10
Browser and mobile its same as you say up.
Comment has been collapsed.
Orono posted the complete (and accurate) list, below.
Comment has been collapsed.
k_EOSTypeWeb = -700
k_EOSTypeUnknown = -1
https://steamcommunity.com/discussions/forum/0/1850323802581655133/#c3183486955449639667
List probably taken from here:
https://github.com/SteamDatabase/SteamTracking/blob/master/Structs/EOSType.h
Very interesting info, I did not know that feature/link to login history, thanks!
Comment has been collapsed.
(RE: github list)
That must be the "official" list. Thank you for adding that to the discussion.
Also note that the "country of origin" will be spoofed by a VPN. If you set your VPN country to China, and then login, it will show as a login from China.
Comment has been collapsed.
Wow! Everything is fine with my account, but there is an access via mobile (-400) made a few days ago in a city a thousand kilometers away from where I live. The access lasted eleven minutes and I couldn't identify anything different in my account (no purchase, sale or exchange of items that I haven't done myself).
What could it have been?
And happy cake day! : )
Comment has been collapsed.
I know my wireless carrier often shows me a few hundred miles away when I (rarely) connect to the mobile app off wifi. Not sure if it's the same for you, but that could be it.
Or VPN usage?
Comment has been collapsed.
its weird that it says i logged in from madison, wisconsin yet i live in PNW..
Comment has been collapsed.
Some time ago, there was a story about a large number of cookies being collected via EA, causing damage to not only Steam but also many other accounts.
And now, in the age of cyber warfare, it seems that the information of those victims is being purchased and used as a springboard for nuisance activities.
(Maybe.)
Destructive Malware Targeting Organizations in Ukraine | CISA
https://www.cisa.gov/uscert/ncas/alerts/aa22-057a
In relation to these, there have been cases of malware-infected computers that seem to have died out, as well as those that seem to be related to businesses.
It is always a good idea to run a full security scan.
This is what I posted the other day on Steam.
It seems that bad people are abusing your computer and destroying it when they finish their work.
Be careful.
Comment has been collapsed.
I always ignore links from people that I rarely chat with and if it's a close friend, I'll ask them before I click.
If it smells suspicious right of the bat, it gets removed right away, although this never really happened to me.
I have seen people losing their accounts and for me personally this would be a big blow as I've invested hours and A LOT of money on this Steam account to lose it.
Comment has been collapsed.
The sneakiest way I noticed to steal my login data was a page that had a "login with steam" button that SEEMED to open the proper popup of "https://steamcommunity.com/openid/login" with https encryption etc but upon closer inspection that was not an actual popup but the whole windows including windowframe, addressbar, https confirmation, etc was all simulated in browser via javascript and and just passed on the name and password to the site.
Comment has been collapsed.
https://youtu.be/NWtm4X6L_Cs?t=467
yup. it's super clever.
Comment has been collapsed.
Thank you for the link, this was very fascinating watch. Hadn't seen this type of scam before.
Comment has been collapsed.
Wow, that's impressive.
I'm a little surprised the developer didn't make a mac version of the fake window after going through the trouble of making such a realistic MS Windows version of it.
Comment has been collapsed.
I assume/hope the 'certificate' in the URL is just an image or something, right?
Whenever I have to login to Steam, I first check whether I'm already logged in, and if I'm not I always check whether there's a certificate issued to Valve from a reputable provider.
Comment has been collapsed.
I use a private (encrypted) login tracker, so if the login name and password are not immediately filled in, it is a dead giveaway that the site is bogus.
Comment has been collapsed.
I've taken to now always use the following apporach:
Go manually to the steam login page and enter my credentials there. Then reloard the login page used by the other program. If it is proper, it will then not ask again for username/pw, but just asks if the saved login is the one I want to use.
Comment has been collapsed.
Another sneaky way I noticed was when they were using the exploit that allowed them to send messages to people without being on their friends list. They would spoof the friend's account, and because the messages came from a friend, people would let their guard down. They no longer use this method, however, as it is easier to simply take over someone's account and hit up everyone connected to that account.
Comment has been collapsed.
That is not an exploit, anybody can send message to another one in steam group chats.
Comment has been collapsed.
You apparently were not around for that exploit. Back before they had Steam group chats, it was not possible to directly message a user unless you were on his or her friends list. However, an exploit was found that allowed direct messaging without ever being on the user's friends list. It didn't take long for Steam to patch that out, but people were being bombarded with random messages from users they had never seen before, much less added as a friend.
Comment has been collapsed.
When was this?
https://fototrend.hu/tema/steam_2/hsz_61992-61992.html
⬆️
Here is my comment from 2014(!). mar. with attached picture. (hungarian forum)
I was talk about, that no need to be on friendlist, it is enough to be in a same steam group.
From the picture "Üzenet küldése..." meaning "Send message..."
Comment has been collapsed.
It was years ago, so my memory about it is "fuzzy." If I remember correctly, there was a short period of time (like one week) when it was common for scammers to use the Steam protocol (steam://friends/message/id) to message non-friends. However, it didn't take long for Valve to "fix it" by adding a notification dialog. If someone tried to message you in that manner, you were given a choice of whether or not you wished to answer that request.
Comment has been collapsed.
Do you have any security software recommendations?
Comment has been collapsed.
Malwarebytes combined with a good anti virus (i say Kaspersky).
Comment has been collapsed.
In the past, I would have said Malwarebytes combined with any solid AV program, but MWB expanded its anti-malware service to include an anti-virus. I have been using MWB for many years. I paid for Premium way back when, and it never expires.
Comment has been collapsed.
As both Lugum and Khalaq mentioned, Malwarebytes is good. If you get the free version of Malwarebytes it's just a stand alone scanner that doesn't have active protection/real time protection(live protection 24/7). This won't protect you from getting a virus, but it will detect it on your pc and try to clean it. It's a good backup program that can get something that got through your first line of defense. Just so you know nothing is going to be 100% effective at preventing things. So you'll want something with active protection as your first line of defense.
Windows Defender has come along way and works if you are looking for a free option for an active first line of defense. If you are looking for a paid active protection program I'd go with Bitdefender. Bitdefender in my opinion is probably the best paid protection software on the market right now.
Both Bitdefender and Malwarebytes offer good free web browser tools.
Bitdefender Trafficlight
Malwarebytes Browser Guard
Comment has been collapsed.
Additional tips:
Don't share your login ID (username used to login to your account)
Don't share your email used for your Steam account
Comment has been collapsed.
When you send a Steam-gift, you will automatically reveal your Steam-related email.
Comment has been collapsed.
Yes, some time ago a strange user was added to me and offered me to increase my inventory - I just had to log in (enter my Steam login and password) on a strange site using the link.
Well, he must have been upset when I blocked him.
Comment has been collapsed.
when you say "exploits", do that mean they can get info by just adding me?
i know about phishing attacks but thats all they can do afaik. using 2fa (steamapp) should prevent anything similar, right?!!
Comment has been collapsed.
hmm there is information to be gained but other than you might think
When youre online,your country (timezone),faster trading/gifting(because you befriended him) prediciting seeing your sleep schedule,Infiltriating your privat chat with scam messages,sending you QR codes that can be scanned,Than there are "Keylogger",if they connect you in anyway like a call they can probably see your IP too ,so a friendly person could deceive you too .
the most important things are your Email and Handy(smartphone) to protect. with this information they can steal the account from you .
You might think why your Email is so important?
He could send you fake steam links with good offers like Elden ring 90% off or 100% off .Hosting a similiar domain is pretty easy to recreate .
I actually added 90% of scammers and deleted them later to see what they are doing and trying.
The worst enemy of humanity is panic ,getting to made decisions in seconds,hey on this site they sell Elden ring for 50cent bro buy fast !
Alot of scammers try to create panic ,so you make unrational decisions.
Comment has been collapsed.
From time to time, my computer's security will block unauthorized access to itself (usually connected to pop-up ads that appear in my browser). On occasion, it also blocks unauthorized access through various Steam exploits. Because I have protections in place to prevent my Steam account from being accessed in this manner, I usually ignore it, but not lately. Recently, I have been seeing multiple attempts to access my account using such exploits. (Like eight attempts in ten minutes.) That is why I am posting this message as a "heads up" to fellow Steam users. Even if hackers are able to gather information about your Steam account via exploits, they still need key information to take over your account. Be cautious and skeptical regarding unsolicited friend invites and "odd" chat messages, even from people you know, ESPECIALLY anyone claiming a connection with Valve. Also, never clink on a link in Steam chat. Always copy and paste the link in your browser. That, and remember to change your passwords every once in a while.
P.S. (Since the IP's of these exploit attempts trace back to known proxy servers, the crooks could be based anywhere in the wold.)
Comment has been collapsed.