Ok so here's the story: it's been 1 month since my account was somehow hacked, although I haven't yet discovered how.

Thread I made about this: http://www.steamgifts.com/discussion/kpsOW/steam-account-and-mail-was-hacked. After that day, I had to clear cookies so I couldn't log in here anymore.

I also made a Steam Support ticket immediately after seeing my account was hacked, but sadly, Steam Support hasn't replied for ~30 days.

This happened two hours ago: a hacker contacted me on my old mail, which was previously associated with my Steam account. I managed to recover it; unfortunately, when it was recovered, the hacker had already changed my Steam account's contact mail, so my only hope was Steam Support.

So how did I get my account back? The hacker contacted me on my previous mail and asked me this (I'd post a screenshot but calling out isn't allowed): he asked me to give him my Social club account so he could play GTA V. Pretty stupid, isn't it? Well, of course I didn't. I then spoke with him seriously and somehow persuaded him to give my account back; he got scared after I told him that he was going to get banned, etc. I have now changed mails and everything, so hopefully I'm 100% safe.

(Note: From the beginning, my Social club account was linked to GTA V in my Steam account, and much worse, the indestructible Autologin feature was enabled, so you didn't have to type any account info; neither mail nor password was needed. When you just clicked "Play" in Steam, it automatically logged you in, allowing you to use and play GTA Online with an account that you don't even know anything about, from any PC with my Steam account. So what I did was contact Rockstar Support; they replied every 1-2 days and I managed to convince them to unlink my Social club account from my Steam account, which was hacked and which the hacker was playing GTAO with. After that, the hacker couldn't play anymore, so that's the reason he contacted me on my mail, trying to scam/convince me to give him my Social club account so he could continue playing GTA V.)

That's it. Steam Support wasn't helpful at all: I provided them screenshots of the purchase, including my CC info and everything, and they haven't replied for one month, so I updated my ticket and closed it on my own. Also, fortunately I didn't have anything valuable in my inventory.

Also I'd like to warn everyone: always have two-step authentication enabled on your emails, and make sure you have Steam Guard enabled as well, or two-step authentication won't matter, since to log in to your Steam account, a hacker will need a code that'd be sent to your email, and to log in to your email, a hacker would need your phone. In my case I didn't have two-step authentication enabled, though I had Steam Guard, and it's not yet discovered how the hacker guessed my passwords. I had unique and different passwords, which were ONLY used for that single mail associated with my Steam account, and the same on Steam. I also didn't fall for any phishing websites, nobody else ever used my PC, and this is the only PC I've used for the last few years. Also I didn't have any keyloggers, and nobody knew anything about my personal info; even my best friends didn't know anything about it. I never logged in/registered on another website with the same password as my email or Steam.

Also I'd like to share my experience with everyone who has a Rockstar game in their account: make sure to NEVER, EVER enable the Autologin feature, or else you'll never be able to disable it, so a hacker will log in to your Social club account without knowing any info about it. This is what I'm talking about, screenshot:

View attached image.
9 years ago


Sounds like a little kid hacked your account >_>... Security lesson learned.

9 years ago

Yep, lesson learned, I'm never ever going to disable two-step authentication -

9 years ago

also I didn't have any keyloggers

Well you can't possibly know that with 100% certainty though. And this would have to be my first guess as to how they managed to obtain 2 unique passwords from you. Otherwise it would have to be through brute force which is rather unlikely IMO....especially if they were fairly strong passwords.

But that aside, yeah Steam's support times are rather ridiculous. Thank goodness I haven't had to use it yet.

The 2-step email authentication is a darn good idea as well.

9 years ago

PS: I would seriously consider doing a clean install of your OS at this point, if I were you.

9 years ago

That's good advice, but currently and unfortunately I'm unable to reinstall OS, but I'm doing every possible scan/clean I can. Although I'm 100% sure my PC is clean, I checked everything, startup programs, services, cleaned with CCleaner, used antimalwares, even used ComboFix, etc etc.

9 years ago

^ +1

9 years ago

+1

9 years ago

Actually, you only need access to email. Then you click "I forget my password", create new one and voila, you have access to Steam.

Or you only need to steal "cookies" (or whatever steam uses to authenticate accounts) and voila, full unrestricted access to Steam account.

Apparently it's a good thing Valve added phone verification, from what people say that thing really makes steam safe. For now, at least.

9 years ago*

Hahaha that was one cheeky thief. Imagine if someone stole your credit card, you had it blocked, and he contacted you and asked if you would give him your new card.

9 years ago

Lol yup

9 years ago

Glad to hear that your account is back.
After reading this, I decided to add two-step verification so things like this won't happen.

9 years ago

Thanks, hope this'll never happen to you or anyone :)

9 years ago

With two-factor auth, especially SMS protect/physical token (Steam has the former), it's downright impossible to hack any account unless there's a security breach or exploit. You made a mistake yourself.

Good to know though that the hacker is an idiot. But to know you got hacked by an idiot....

He didn't empty your Steam wallet or cause a VAC ban, right?

9 years ago

Fortunately I had only a few cents in my wallet, and nothing very valuable in my inventory either, only a few trading cards and a profile background called zero background.

However, about the VAC ban... I hope not. I saw he had played dota 2, and in my recently played games I saw CS:GO, which I don't own; however, family sharing was enabled when he gave me the account, and I disabled it. I'm not sure if dota 2 is VAC protected, since I'm not really interested in this game. He played dota 2 for 4.1 past two weeks, Killing Floor 0.7 hrs last two weeks, and Counter-Strike: Global Offensive 0.2 hrs on record, although I don't understand why there's CS:GO written, since I don't own this game. I thought he purchased it with my account, but I don't see it in the library, so it's probably because of family sharing.

Hope he didn't use any cheats, I don't play VAC protected games at all, I have no interest in Valve games, but VAC ban would be heartbreaking, since I really don't want people to think I used cheats.

9 years ago

Agreed, especially when you didn't cheat yourself. Let's hope for the best. Maybe write a ticket for that to Steam Support, though it's useless as fuck.

Good luck.

9 years ago

And yet, for some reason, Valve doesn't add two-step verification for people without smartphones...
It isn't that hard to make one using SMS...

9 years ago

They are not going to pay for those SMS... Are you going to pay for them?

9 years ago

What is the cost of sending... let's say 30 SMS in a month if I log on a different computer/browser everyday? Companies can send for less than 0.005$/SMS, so that's 15 cents/month. Yeah, I can pay that.
They keep saying they have the best benefice per employee, so they can make this for free if they want. If they don't, I would agree to pay 1 cent from my steam wallet everytime they have to send an SMS for security purposes.

9 years ago

lol there are millions of users on Steam... That is why they win a lot of money with the market taxes even if it is only 2 cents

9 years ago

It happened to a friend of mine but it was kinda different. His email closed (the one he had for Steam) so he couldn't log in to recover his pass.
He sent a ticket to Valve; he had only bought dota via paysafe card. They replied to him that he must have a receipt of his dota purchase (you throw the paper/paysafe card away after its whole usage/it can't be used as a valid receipt) and he never got it back. Thankfully it was only dota 2 so he just created a new Steam acc.

9 years ago

If you feel like adding an extra layer of protection, activate Steamparental and opt out of everything, so they will need your PIN to do anything with your account. Though if you feel like being kind to anybody who hacked your account and congratulating them for the effort, then mark Bad Rats as family friendly.

9 years ago*

That supposes you own Bad Rats.
Shower with your dad might be another option.

9 years ago

Yeah, but at this rate pretty much anybody owns it XD

9 years ago

Just did that, thanks

9 years ago

Gratz on winning what was yours :3

It's good you mention 2-step email auth. I believe it's more secure than Steam mobile 2-step, since I've read lost-account stories when the mobile app goes wrong. Also I might add a freebie: SuperGenPass, a bookmarklet (it has other adaptations as well from others), or an app for whichever phone you're using, generating unique passwords from a root pass on a per-site basis.

9 years ago

Thanks :)

Yep I prefer email 2 step, rather than steam guard mobile 2 step.

9 years ago

Very happy ending :) You are lucky to get everything back, congrats! And don't make same mistakes again. Though two-factor authentication must help a lot.

9 years ago

Thanks, I'll never make the same mistakes again :) Yeah, I'm sure it'll do its work perfectly.

9 years ago

Grats,

9 years ago

Thanks :)

9 years ago

Deleted

This comment was deleted 5 years ago.

9 years ago

Good idea, I just did that, thanks

9 years ago

That's really frightening. Good thing you managed to get your account back. I can imagine Steam getting to your ticket a year after and locking your account based on your first support post though because they're incompetent. Here's hoping they aren't dumb

9 years ago

Yeah, that's true

9 years ago

Deleted

This comment was deleted 5 years ago.

9 years ago

Thanks!

Yesterday I contacted Rockstar support again. It seems that after they unlinked my Social club account, the hacker had linked his own Social club account to my Steam account, so I was unable to link my Social club account yesterday. I contacted Rockstar support and they successfully unlinked it; I saw the message exactly 5 minutes ago. Now I've linked my Social club again, and the account and everything is okay!

Except for one thing: the hacker had attached his own phone to my Steam Guard Mobile Authenticator, so he can change my password anytime. He can't access the account completely, though; all he can do is change my password, so that's not a really big problem I guess. I contacted Steam support asking them to remove the hacker's phone from my account, and I hope I won't have to wait another month, or god knows how much longer, to get this solved. I saw an email today about my password being successfully changed; then the hacker tried to log in, but he couldn't because Steam Guard sent the code to my email. I also saw his IP address and reported it to Steam support; he's from Russia.

9 years ago*

So glad this had a happy ending.

I recently put up a thread about someone trying to break into my brother's Steam account. Fortunately he had SteamGuard turned on, so whoever managed to do it was unsuccessful.

Your example goes to show that even accounts of little monetary value can still be used for "joyriding" by little pricks like this kid. And Steam doesn't seem to be much help.

Strong authentication is really your best friend! Congrats on getting your account back.

9 years ago

Yeah that's right, thanks :)

9 years ago

Deleted

This comment was deleted 4 years ago.

9 years ago

Thanks! :) yep, I already did everything, also the scary thing is that you can't change your email of Social club account, it simply says that this feature isn't available yet.

9 years ago

"I'd post screenshot but calling out isn't allowed"

Are you saying that someone from this site did this to you?? :(

9 years ago

No no, the person contacted me on my previous associated mail, he contacted me at www.mail.ru, but I'm still not sure if it'd be okay if I posted screenshot.

9 years ago

GTA 5 and The Witcher 3 seem to get people hijacked. Social Club has some exploits that he was probably using on you. It doesn't make sense for TW3 though, where everything is drm-free and pirating a hassle-free installer with no cracks required would be simple. It is possible that you were compromised through Rockstar and not through anything you did yourself. I heard about it for retail copies but not Steam versions. And if you're connecting to Russian/CIS servers then Gaben help you, since you'll probably go through it again sooner than later. :/

9 years ago

Seems logical, since the hacker really, really wanted to play GTA V, so much that he didn't care about anything else. He made GTA V his favorite game; I had a level 3 online character, and he got it to level 20, bought an apartment, cars, etc. He even unlocked some achievements, lol.

I'm really hoping I'm safe now. The only thing that's left to be done is Steam support deleting the hacker's phone from my account. According to my last ticket, I guess I have to wait another month; otherwise the hacker can change my password anytime, though he can't do anything else. I can change it back as well, and he's unable to log in to my account even though he can change the password.

9 years ago

Closed 9 years ago by BladeMaster7.