What should i do
Your options are a little limited! Do you regularly run anti-spyware scans? That'd be my first suggestion...
Comment has been collapsed.
The free edition of Malwareytes Anti-Spyware is an excellent start. If you're only using windows defender, I'd be amazed if it doesn't find a significant number of threats - if you've been using the PC for a few years, probably hundreds.
Comment has been collapsed.
Just saw your edit about the VPN. Be very careful with that. Especially if you're not paying for it, it's an enormous risk to use any secure sites through it...
Comment has been collapsed.
Yup, I only keep FileSystem Shield + Web Shield activated. Those are the important ones.
Comment has been collapsed.
I use only Windows Defender, too. Shouldn´t be a problem if you don´t execute every file you get ;). No virus scanner can detect the newest threats, there is no 100% security. And antivirus software often has security problems itself :(
Something to read ;) http://robert.ocallahan.org/2017/01/disable-your-antivirus-software-except.html
Longer, about https-interception, which about 50% of AV-products use to scan https-traffic: https://jhalderm.com/pub/papers/interception-ndss17.pdf (TLDR: jump to conclusion)
Comment has been collapsed.
I used Avira some time ago (the free version), don´t want it back for several reasons. For me Windows Defender is enough, others may use whatever they like ;)
This, and frequent backups of important files. And I use uBlock Origin. Could use NoScript if I wanted more security... but without Javascript most sites won´t work. virustotal.com if I want to scan specific files. Oh, and deinstall (or at least set to Click-to-Play) Flash. And deactivate Java in browser.
Comment has been collapsed.
Definitely run a scan with the Malwarebytes as Ape suggested. You very well could have some form of malware on your PC or you could of been phished.
If your password doesn't have at least one upper and lowercase letter, at least one number and at least one symbol as well you might want to include these things. Also making it at least 10 characters is highly recommended.
Comment has been collapsed.
Seven characters would only take a few hours to crack. I use a password manager (PasswordSafe) to generate random passwords for every site, and use 16 character passwords for general sites and 24 characters for important things.
Comment has been collapsed.
Actually it could take less than a half hour, I stated the wrong number with 7. It should be at least 10 with the the things I mentioned. That's the minimum. But yes of course the more the better.
Comment has been collapsed.
Pay attention to browser plugins. Some of them ask for way too many permissions for their purpose.
Is using VPN is security risk?
Also if you log in to Steam from your phone, you could have a nosy app that sniffs your stuff.
Comment has been collapsed.
I use PrivateTunnel
It doesn't matter. It's not safe for sensitive data, unless you want to be the victim of a MITM attack for example.
Btw, always make sure to triple check the URL to be genuine and not a slightly missspelled version of the original one (for instance, you hopefully noticed the sss instead of ss in the word misspelled).
Comment has been collapsed.
Mostly this
i just saw that https://www.steamgifts.com/discussion/938fy/
Thank you
Comment has been collapsed.
My password for steam is almost 1234 it's so simple.
But they'd have to have my phone to login so who cares.
I was just going to post it but i'd rather not have steamguard pop up with keys all day because idiots are trying.. >.> lol
If you're using that password for other things like banking/creditcards or for your email too I'd change that pretty quick.
Comment has been collapsed.
The option to ask for the Steam guard code to your email is for cases when you can't access your Steam guard on your phone anymore. Since you mentioned in your first post that the login included the correct password, they've got the access to do that request. Make sure the email address you're using on Steam has a unique password, I'd also recommend using 2-factor auth. on that email if you don't already have it enabled.
Comment has been collapsed.
"Is using VPN is security risk?"
It is. Don't send any sensitive info over VPN.
Comment has been collapsed.
If it's a paid VPN the risk is extremely minimal. It would have to be a rogue employee or something. No chance a legit VPN company is going to steal from its own customers.
I get that it's not physically impossible, but some amount of trust is simply impossible to avoid.
Comment has been collapsed.
Is using VPN is security risk?
Unless you are paying a nice sum for a trusted company for a secure VPN connection, then yes, it is. A pretty easy way to get some sensitive information, actually.
Russian groups deal in Steam accounts, either in abandoned or stolen/hacked ones. But in your case, I think they are just trying to steal your CS inventory, which is an even more common cybercrime related to Steam.
Or… well, it was actually you through that VPN. =D
Comment has been collapsed.
Do you have a 7-day trade lock on your account? Because then the attempted thief tried the authenticator removal which is presented at all login screens, and that automatically tries to fall back to the registered email. So I hope you have 2FA on your email account as well (most offer this security feature).
Comment has been collapsed.
Do you have a 7-day trade lock on your account?
i just tried,, and all is fine,, i can trade without hold
So I hope you have 2FA on your email account as well (most offer this security feature).
i wasn't , but my password wasn't the same in my email as steam
Comment has been collapsed.
Always use secondary authentication options where possible. For steam mobile authentication for any new browser or device is highly recommended.
It is possible that this wasn't generated by steam but some fake fraud system that used steam address as sent from. There are frauds that can act like this and send you emails with links to change your password etc, which eventually will result in you giving them your email/username and password.
Comment has been collapsed.
So no?
I genuinely found it funny to think the hacker could be himself. Nice thinking :P. And yes, it's possible.
Comment has been collapsed.
Friend who works in IT was telling me someone who called them in a panic, and it was this exactly. Pretty funny after the fact.
Comment has been collapsed.
Had the same problem with other sites when I forgot to turn my vpn off^^
Comment has been collapsed.
I would change passwords and I don't use VPN.
I use my paid versions of Eset Nod 32 AV and Malwarebytes, let them update in real time and to date I haven't had any trouble.
I also update my Windows, Firefox browser, Java and Adobe products regularly.
Comment has been collapsed.
PW changed
i started to think that this isn't my problem,,
My PC is clean [Malwarebytes&windows defender says thant]
its HB problem [ the same password for both accounts (stam&HB) ]
fortunately my email has different PW
Thank You Very Much ♥♥♥
Comment has been collapsed.
You can bet your monies, that your interwebs-traffic while using VPN got monitored/grubbed - by whomever.
Change your mail/applications pw, if you logged anywhere while using it (Thunderbird for example depending
on the mail-service it fetches it might send your pw/mail-name unprotected).
Knowing full and well the risk, i used some shitty free vpn once while paying with paypal inside a sandboxed browser
which i don't use for anything else > surprise/supplies ... someone with Pittsburgh IP logged into my PP account, he
didn't do anything (wuz a 50$ poorfag at the time) > changed pw on it, still not using 2FA because fuck it and PP is
as ridiculous that they will get your money back and screw over the seller "bcuz u got hack'd". /o/
Comment has been collapsed.
I have changed my PW , but i have to use VPN for some reasons
that's why i use PrivateTunnel, its good as i know, its not free and secure
but now im not sure,, maybe because of this https://www.steamgifts.com/discussion/938fy/
thank you
Comment has been collapsed.
29 Comments - Last post 25 minutes ago by hallak65
111 Comments - Last post 1 hour ago by Bohemius
16,702 Comments - Last post 2 hours ago by mjy
1,212 Comments - Last post 2 hours ago by ngoclong19
52 Comments - Last post 2 hours ago by Fluffster
33 Comments - Last post 3 hours ago by Spartaaaaan
262 Comments - Last post 3 hours ago by Cromwell
9 Comments - Last post 33 seconds ago by Keny123456
328 Comments - Last post 2 minutes ago by gus09
9 Comments - Last post 3 minutes ago by hbarkas
201 Comments - Last post 8 minutes ago by TheMuzo
338 Comments - Last post 50 minutes ago by aquatorrent
777 Comments - Last post 1 hour ago by Fitz10024
27 Comments - Last post 1 hour ago by dealowack
Hello SteamGifts users.
While i was surfing the internet , i got email from steam
MY question is ,, How in THE WORD would someone know my password [ its strong ]
I use original win 10 with original apps [no cracks, batches ... ets] and windows defender always up to date
Is using VPN is security risk?
i changed my password but still scare
Comment has been collapsed.