Hi all... as some of you may have noticed... my account was compromised last night and it sent spam messages through the steam chat. Please ignore those messages. I already got back control of my account. I am truly sorry for every inconvenience caused!

:/

6 years ago


I'm glad you got your account back. Would you mind elaborating on how it was hijacked?

6 years ago*

Sure thing. It was actually pretty stupid on my end. Got an iffy message from an account that did not seem like a bot... I guess I was too sleepy atm but I went online, typed the site name (did not click the link so that whole site is a fake) and thought I was logging in through Steam. But it was a replica of the login page and my pwd got stolen... the weird thing is that they were able to bypass the Steam mobile guard authenticator. After that, they changed phone, pwd, and removed my Steam Guard. Since the market closes on any changes, they were unable to transfer anything and Steam helped me get my account back in a couple of hours. So, everything seems fine now.

6 years ago

That's pretty nasty! So much for the Authenticator being of any use to you!

6 years ago

Mobile guard authentication works by generating a token which is only valid for a short time frame (around 30 seconds? or 1 minute at most). Since you logged into the fake Steam page, you probably provided the token to the page, which it uses to log into your actual Steam account and make all those changes to your account within seconds with automation.

6 years ago

Wouldn't the email be sent stating that access was gained from another IP Address to prevent that from happening? I mean, obviously it didn't, since his account got compromised, but shouldn't it work?

6 years ago

You don't get mail like that; you can log in from any IP address you want as long as you provide your OTP.

6 years ago

I meant I get emails from Valve stating that access was attempted on my Steam account from a different IP Address (Russia, usually), using my proper Steamname and password. I get them from time to time, but not too often.

6 years ago

You should change password if that is the case.

6 years ago

I've never got such an email, weird :D

6 years ago

Every time I run a VPN... seems only to appear when the IP says you changed country or something like this...

My IP changes every 24hrs or when I want to... I would get spammed with these mails... :P

6 years ago

They don't send them. That's the evilness of "2FA": if weird shit happens, you're not even notified because providing the OTP gives Steam something they consider as an ultimate proof of confidence that everything is fine. Even if you've always connected from USA and suddenly pop up with a Chinese IP.

6 years ago*

I don't know the details, since I have never run into such cases, but here's probably the sequence: https://www.steamgifts.com/go/comment/98tn9Rx

6 years ago

It's 30 seconds... I guess they were super fast, like 7 of them typing on the same keyboard just to log in and quickly remove Steam Guard... :)

6 years ago

I believe these are automated. Not sure how they do the SMS part, but if VoIP phone numbers are allowed, then it should be possible to automate this.

6 years ago

Thanks for a nice laugh :D
As nhahtdh already said it's definitely not done by humans ;)

6 years ago

It was my pleasure! <3

6 years ago

yep.. I think it may have been something like that because the only thing I 'lost' was my market listings. Thankfully Steam puts a lock on item transactions when you make a change, so that kept my stuff safe.

6 years ago

which is only valid for a short time frame (around 30 seconds? or 1 minute at most)

Code is valid for only 30 seconds, that's correct, but Steam actually accepts any code generated within 30 before (and probably after but I didn't check that) from current time, which in reality makes it up to 15 minutes from now. I verified that while doing some ArchiBoT tests.

Don't ask me how stupid it is, I'd get suspended for excessive usage of swear words. It's enough to say that Steam's 2FA is a big fat joke and it's actually much less secure than SteamGuard code sent on 2FA-protected e-mail.

6 years ago*
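
Added example, not part of any post in this thread and not Steam's implementation: a standard RFC 6238 TOTP verifier showing how the look-back window discussed above bounds how long a phished code stays usable, and how a single-use guard rejects a second submission. The secret, timestamps, 6-digit format and the `Verifier` class are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)


def totp(secret: bytes, t: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time t."""
    mac = hmac.new(secret, struct.pack(">Q", t // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server-side check: look-back window plus optional single-use guard."""

    def __init__(self, secret: bytes, back_steps: int, single_use: bool = True):
        self.secret = secret
        self.back_steps = back_steps
        self.single_use = single_use
        self.last_used_step = -1  # newest time step already consumed

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        for step in range(current, max(current - self.back_steps, 0) - 1, -1):
            if hmac.compare_digest(totp(self.secret, step * STEP), code):
                if self.single_use and step <= self.last_used_step:
                    return False  # same or older code seen before: replay
                self.last_used_step = step
                return True
        return False


def demo() -> dict:
    secret = b"12345678901234567890"  # constructed: RFC 6238 test secret
    issued = 1_700_000_000            # constructed time the code was typed
    code = totp(secret, issued)
    strict = Verifier(secret, back_steps=1)
    return {
        "wide_after_14min": Verifier(secret, 30).verify(code, issued + 840),
        "tight_after_14min": Verifier(secret, 1).verify(code, issued + 840),
        "tight_after_20s": strict.verify(code, issued + 20),
        "tight_reused": strict.verify(code, issued + 25),
    }


if __name__ == "__main__":
    print(demo())
```

A one-step window still accepts the code 20 seconds later, so narrowing the window shortens the exposure to a relayed code without removing it.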

Thanks for the clarification, I recently read about those types of replica login pages, so everybody should be aware and warned. ;)
It's also good to know that Steam support was able to help you out fast enough.

6 years ago

I've read a day or two ago about this new scam where they code the "log in through steam" popup directly into the website, it's not a real popup at all... so you think "oh it's safe steam will just push oauth to them" but in reality you're giving them directly user/pass/otp and are not even on steam!

6 years ago

Not sure if I got what you meant, but it's definitely not possible to send the credentials with one click of the button.

What most likely happens is that the site has a "log in through steam" button, which once clicked redirects to a phishing site that looks like Steam. Instead of the usual "confirm and go" button, you'll get the prompt to reauthenticate (which does happen at the actual Steam site too). If at that moment you actually provide them with their password, the bot/hacker behind it logs in, then you get the prompt for the code from Steam, which you think you need to log in, but actually is used by the hacker to log in.

If you actually meant this though, then you're right :D

6 years ago*

That's what I meant basically but INSTEAD of sending you to another site, they create an illusion of steam popup embedded into their existing website. It's a new thing. So you don't have a warning "no locket, not a good address" because everything shows up as it should, as if you were on steam for real... but it's just a picture :(

6 years ago

Ah, haven't seen that one. Cool, thanks for clarifying.

6 years ago

Yup, I got the link from 2 affected people and checked out what it was. If I didn't know better, I could easily have been fooled by that popup.

6 years ago

Classic bait. Why people even click on a link from people they don't know is beyond me. Just got a chat message from a random person that didn't look like a bot, also with a link. I still have my account.

6 years ago*

Deleted

This comment was deleted 5 years ago.

6 years ago

:)

6 years ago

this is steamgifts not your steam friend list. think you're so popular and important ?

6 years ago

Not really. But most of the ppl on my Steam friend list are regulars here, so I felt it was proper to make an announcement.

6 years ago

Deleted

This comment was deleted 5 years ago.

6 years ago

over what? sorry i can't read you with all the pretentiousness in this thread of their Majesty

6 years ago

Deleted

This comment was deleted 5 years ago.

6 years ago

there's a difference between posting "to all my friends" (and that still would be slightly out of place) and making a PSA like you're jesus

but hey wHaT aBroNY thiNg tO sAY sorRy I cAn'T UnDERstAnd HerP dHerp. you forgot to make a dozen of "brony" or "mlp" mentions in your bullshit

6 years ago

Deleted

This comment was deleted 5 years ago.

6 years ago

GOLDEN RULE !!!

 
some page asks for steam login...?
well, go to official steam page, login there and reload the page that asks for your data... if it still asks for login it's fake...

this is a rule you should use for every system that allows 3rd party logins...!

STAY SAFE !!!

6 years ago*

best answer...

6 years ago

This is definitely the way to go. Even the legit 3rd party sites could end up compromised at some point.

6 years ago

Perfect answer, will follow it, thx

6 years ago

great suggestion

6 years ago

definitely!! and thanks for sharing!!

6 years ago

+1
That's how I always do it.

6 years ago

Great advice... thx for it... I will make sure as hell I follow it... from now on...

6 years ago

a webpage doesn't want my steam details, just redirects me to https://steamcommunity.com/openid/login?openid.ns=********** to confirm "login." is this legit?

PS: I was already logged in at steamcommunity.com

6 years ago

yes, that's the safe part...

when you are logged into the official Steam site, any other 3rd party site only asks to "confirm" and never for "login details"...

6 years ago
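
Added example, not part of any post in this thread: one way to check that a "sign in through Steam" link really points at the `steamcommunity.com/openid/login` endpoint quoted in the question above, using exact host matching so lookalike hosts fail. The function name, reason strings and sample links (reserved `.example` names) are constructed.

```python
from urllib.parse import urlsplit

# Endpoint as quoted in the thread; everything else here is constructed.
EXPECTED_HOST = "steamcommunity.com"
EXPECTED_PATH = "/openid/login"


def check_login_url(url: str) -> str:
    """Return "ok" or the reason the URL is not the genuine sign-in endpoint."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return "malformed url"
    if parts.scheme != "https":
        return "not https"
    if parts.username is not None or parts.password is not None:
        return "userinfo before host"  # text before '@' is not the host
    host = (parts.hostname or "").rstrip(".")
    if not host.isascii() or "xn--" in host:
        return "non-ascii host"  # internationalised label, never the real name
    if host != EXPECTED_HOST:
        return "wrong host"  # exact match only: no suffix or substring tests
    if port not in (None, 443):
        return "unexpected port"
    if parts.path != EXPECTED_PATH:
        return "wrong path"
    return "ok"


# Constructed sample links for the checks above.
SAMPLES = [
    "https://steamcommunity.com/openid/login?openid.ns=EXAMPLE",
    "http://steamcommunity.com/openid/login",
    "https://steamcommunity.com.signin.example/openid/login",
    "https://steamcommunity.com@signin.example/openid/login",
    "https://steamcommunity.com:8443/openid/login",
]


def classify_samples() -> dict:
    return {url: check_login_url(url) for url in SAMPLES}


if __name__ == "__main__":
    for url, verdict in classify_samples().items():
        print(f"{verdict:22} {url}")
```

This only validates a link's real destination; it says nothing about an address bar drawn inside a page, which is why the thread's advice to log in on the official site first still applies.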

Thank you; I really appreciate it!

6 years ago

I was afraid to even enter my name and pass here on steamgifts. Took me 3 month to finally do it. These hacker/scammer sites have no chance against my paranoia and panic.

6 years ago

Have a piece of advice in two words: Steam Guard.

6 years ago

Steam Guard did nothing for them. It bypassed it.

6 years ago

yep... what shadowshiv said... :(

6 years ago

Please be aware that SG member Nabu has been hijacked..

If you are friends with him and receive a link to anything do not click on it..

https://www.steamgifts.com/user/nabu
https://steamcommunity.com/id/kelma85/

6 years ago

Yep. I just made a thread about it as well. This sucks! :(

6 years ago

Thank you for the warning.

6 years ago

ouch... that's too bad... thx for the heads-up

6 years ago

This is one of those areas where I'm glad I have no friends! 👨🏻ζ༼Ɵ͆ل͜Ɵ͆༽ᶘ ( ͝° ͜ʖ͡°)

6 years ago

I am not sure whether I am affected or not. I have had Steam Guard Mobile Authenticator (SGMA) on for ages.

But now I am concerned about one issue. I always had to access SGMA for confirmation for any trades or transactions.
Just now when I tried to sell an item in market, as usual I went for confirmation on my SGMA but I didn't see item in the confirmation list. Checked the sell listing and the item was already listed there. Tested 3 times... item gets directly listed on market without SGMA confirmations
I don't remember changing any settings at all. Has Steam changed any setting.. or settings got reset after updates? Or is my account compromised?

Is anybody having similar problem?

6 years ago

Steam has recently changed its policy for trade items that are worth < 1$.
You don't need to confirm these trades any longer.
https://www.steamgifts.com/discussion/viEkp/items-under-1-no-longer-require-confirmation-on-steam-market

6 years ago

Oh I didn't know about the recent changes.
Got me worried because of recent security compromises.

6 years ago

Nothing wrong with being alerted, though. It's always good to keep an eye on it. ;)

6 years ago

wow, didn't notice that
I was thinking I had already accepted it, but had forgotten that I did it
but this is a good change, as accepting them all the time was really annoying

6 years ago

ohh... did not know that.... thx for the info...

6 years ago

Rule N°1 = DO NOT click on strange .EXE files and DO NOT put your credentials on abnormal Steam sites

6 years ago

I rarely get messages; just a few weeks ago was the first time I ever got spam PMs, but the fact that Steam's website will frequently log me out or give me a false flag logged out (in which it says I'm logged out but if I refresh it was an error) worries me.
I always double check the URL, even open the site's elements, to make sure I haven't been redirected to some phishing site.
But when it comes to clicking links or connecting to steam I avoid that nonsense.

6 years ago