I am sorry...
I tried bringing this website to everyone's attention a month ago and and got a lot of heat for it. So I closed the discussion.
I got a random steam message in Japanese just like a few posts above.
Here is how i found out it was a scam...without having to sign-in:
Whatever game you win, during the countdown...the visible part of the game key remains the same.
Its probably a little late now. But if you are ever unsure about a website in future let me know...a second pair of eyes is always helpful.
Comment has been collapsed.
how can they check with their fake login site, if my credentials are correct?
none of the links there are working, and the language on the top right is strangly russian, but everything is in german
Comment has been collapsed.
Yeah, i created suport ticket: https://help.steampowered.com/en/wizard/HelpWithAccountStolen
Comment has been collapsed.
Grats, Steam support can be on the ball at times. Hope nothing got lost in the meantime.
Comment has been collapsed.
Like everyone in this thread I feel you and hope you'll get your acc back soon. But I think all you guys should also report that phishing site so internet browsers would warn people before entering.
Comment has been collapsed.
A steam friend of mine also got his account hacked. He sent me around 10 messages with 2 different malicious links. I didn't click them, obviously. Still, how do people fall for this scam? I'm not saying this in order to judge them negatively, but I mean that this type of scam is nothing new. So, how has this new one got so many victims? Is it more trustworthy-looking than the others?
Comment has been collapsed.
I just wanted to see what those sites look like and what to look at in such occasions (yea sure first thing is never click and login only to official steam site, OK, but I still want to know and still want to look; more informations are always good) but the site seems to be down, at least for me.. DNS_PROBE_FINISHED_NXDOMAIN using https and ERR_NAME_RESOLVING on http..
Comment has been collapsed.
someone just wrote me via steam (5 x)
1 free game for new users!
take the game you want!
rolldatgamexx.com (don't visit this site)
yea sure.. just an example that there are different sites spreading right now.
Do not klick on that link and block all friends who send you those.
This is just too obvious, how can people even klick on those links and LOG IN with their real steam accounts. :|
Comment has been collapsed.
because they are very desperate for steam games desperate enough to sacrifice their account.
Comment has been collapsed.
I don't want to be that guy, but stopping login into random sites just to get a crappy +1 might be a good start for not losing your account.
Comment has been collapsed.
Was two-factor authentication not turned on? I'm confused as to how they could have used your password to hack your account without also having access to your mobile authenticator code, which constantly changes. Not doubting your story, but it's a big problem if these hackers have discovered a way to bypass two-factor authentication.
Comment has been collapsed.
But the code changes, like every 30 seconds right? Once the new code activates the old code stops working, so the only way I could see this working is if the logins to the scam page were being actively monitored so that the scammers could log into real Steam with the active code inside of 30 seconds. Or could there be some script running on the site that automates that process? If so that's pretty disturbing.
Comment has been collapsed.
Of course that works with everything. If you give someone everything he needs to authentificate as you, then it takes mere seconds until password and email are changed ynd you are logged out everywhere.
Thats why so many people get "hacked". Because people are morons. Thats all what it boils down to. Phishing is like scamming. You don't need to get everyone, only the 2 out of hundred people which are to stupid.
Comment has been collapsed.
True that. I'm typically overly-cautious about where I'm entering my account info - to the extent that sometimes I'll even check out the SSL certificate to make absolutely sure I'm on the legit page. But I never considered that 2FA could be so easily bypassed if you're not paying attention to where you are. I'm going to have to keep that in mind and make sure I don't get complacent.
Comment has been collapsed.
The thing is it depends on the service.
Let alone "You can not remove/change your phone, change your email or change your password at the same day" would help quite a lot. Or "You really need your phone to change 2fa, if it got destroyed, you need to go through support." would prevent alot.
Comment has been collapsed.
Oh yeah; I'll admit years ago I was lax enough to use the same password for almost everything, but I had a scare and immediately changed that policy - these days every login gets a different password. It's a PITA, but it's just one of the steps we have to take in this day and age.
Comment has been collapsed.
22 Comments - Last post 16 seconds ago by Formidolosus
13 Comments - Last post 8 minutes ago by moronic
34 Comments - Last post 20 minutes ago by VahidSlayerOfAll
355 Comments - Last post 7 hours ago by aumeilo
331 Comments - Last post 8 hours ago by MyLittlePoPo
915 Comments - Last post 9 hours ago by Insound
15 Comments - Last post 9 hours ago by Sooth
285 Comments - Last post 6 minutes ago by pizzahut
10,141 Comments - Last post 9 minutes ago by Sno1
14 Comments - Last post 10 minutes ago by JMM72
1,913 Comments - Last post 15 minutes ago by DufWhite
55 Comments - Last post 29 minutes ago by pizzahut
117 Comments - Last post 1 hour ago by Devirk
12 Comments - Last post 1 hour ago by Fluffster
My account has been stolen.
Email was changed as well as password and the steam autenticator removed.
What can I do fast?
The site that steals accounts:
Don't accept any friend requests or links in messages from anyone who said their acc was stolen in here
our accounts have been hacked and all 3 of us without account were his common friends.
AND DO NOT CLICK LINKS FROM HIM UNLESS IT IS SOLVED (you can also check comments on his profile)
Comment has been collapsed.