Results 1 to 3 of 3

Thread: STEAM Account Hacks

  1. #1
    Join Date
    Nov 2004
    Posts
    5,192
    Rep Power
    25

    Default STEAM Account Hacks

    So recently - like a few days ago - my STEAM account got hacked. I believe I know how and have since secured it.

    Apparently a friend of mine had their account hacked and had sent out a link saying they got some gift card from STEAM. Using my mobile I wasn’t able to fully view the details in the URL, but because it’s someone I know personally and trusted I opened the link. Came to a STEAM page that required sign in - a bit odd but it did have the authenticator (STEAM Guard) code stuff and all that so I went along. This was done while I was at work - I should have been more diligent.

    Got locked out of my account and LITERALLY JUST GOT BACK ACCESS. Reinstalled stuff on my PC and realized my STEAM password didn’t work. Went through and realized it may have been some Russians. Please be careful with links you get - they’re using all kinds of methods to get into your stuff now.

    The problem here? I’ve lost ALL of my contacts. Going take time to get back everyone - so if you had me in your list before - please add me back.

    Again - be careful.

    *EDIT*
    I have to give props to the phishing method though. It involved the use of the STEAM Guard code and then cutting off the user once they got logged in. It's elaborate and well done.

    What I need to find out - which I've already asked STEAM support - is what data was accessed and such.

    Accessing from desktop would have shown some more info. I checked my browser history on my phone - all of the links from "https://steamcommumutiy.com/" - which has two letters out of place. Well - wrong spelling overall. So it was missed because I was driving.

    The site is no longer up - seems to have been taken down. Either by reports made or because they've gotten into enough accounts.

    There may be others like that in future - so please be careful.
    Last edited by khat17; Oct 21, 2023 at 02:03 PM.
    Knowing the solution doesn't mean knowing the method. Yet answering correctly and regurgitation are considered "learning" and "knowledge".

  2. #2
    Join Date
    Sep 2004
    Posts
    1,905
    Rep Power
    21

    Default

    I feel your pain

    Because of phishing, I constantly blocking emails from weird websites in my work email. Block Block Block. The topic is familiar, User name seems OK, but the email it is coming from is peculiar when viewing the email details.

    I do not even like to use autofill in chrome on home pc on new pages. Just by entering part of my name, I may be tempted to click the autofill of my completed name, and that could send all sort of info to the page filling other hidden fields. Eg, the page may not display "address field/etc" because they are coded in a hidden way. All those field would be autofill without my knowledge when I send or even before that. I always type my full name unless it is a known site.

    And when I am not sure about the spelling of the known web site then i launch from a favorites link and navigate and log in there

    Hope you get back your friends list
    Let's act on what we agree on now, and argue later on what we don't.
    Black men leave Barbeque alone if Barbeque don't trouble you

  3. #3
    Join Date
    Jul 2002
    Posts
    5,446
    Rep Power
    10

    Default

    Quote Originally Posted by khat17 View Post
    Accessing from desktop would have shown some more info. I checked my browser history on my phone - all of the links from "https://steamcommumutiy.com/" - which has two letters out of place. Well - wrong spelling overall. So it was missed because I was driving.
    That's all it takes, a malicious URL that passes the speed read/scan check. It could happen to anybody, especially one so sophisticated. This is why many important sites are using 2FA.
    Team Leader
    TechJamaica.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •