Steam Hijacked
Moderator: Moderators
-
- Master Bounty Hunter
- Posts: 1561
- Joined: Fri Feb 24, 2006 5:55 am
- Projects :: None.
- xbox live or psn: No gamertag set
- Location: Aussieland.
Steam Hijacked
My steam account was Hijacked by someone on my friend's list under the name Ripzor, so if you receive any messages from my account it isn't me.
I sent a ticket with my L4D Key pictures etc, so there is a possibility of getting it back.
EDIT: >>Scroll down and read my Post<< - Penguin
I sent a ticket with my L4D Key pictures etc, so there is a possibility of getting it back.
EDIT: >>Scroll down and read my Post<< - Penguin
-
- 2008 Most Technically Challenging Avatar
- Posts: 2376
- Joined: Tue Feb 12, 2008 7:46 pm
- Projects :: No Mod project currently.
- xbox live or psn: No gamertag set
- Location: NJ, USA
Re: Steam Hacked
this is probably completely unrelated/coincidental but on bfheroes some guy was talking about their steam account also getting hacked. the only thing you could gather from his and your incident i suppose is that some hacker is out there..DeathRow wrote:My steam account was hacked by someone on my friend's list under the name Ripzor, so if you receive any messages from my account it isn't me.
I sent a ticket with my L4D Key pictures etc, so there is a possibility of getting it back.
-
- Sith
- Posts: 1262
- Joined: Fri Nov 30, 2007 9:40 pm
Re: Steam Hacked
Haha. I thought it wasn't you. He wanted me to join a group for referals or something, and sent me to this one website that asked for my Steam account name and password. I entered them, but not before changing my password.
Then I changed it back. Stupid noobs thinking they can hack me.
Then I changed it back. Stupid noobs thinking they can hack me.
-
- 2008 Most Technically Challenging Avatar
- Posts: 2376
- Joined: Tue Feb 12, 2008 7:46 pm
- Projects :: No Mod project currently.
- xbox live or psn: No gamertag set
- Location: NJ, USA
Re: Steam Hacked
lol guess thats the best prevention from "nub hacking" then?Fingerfood wrote:Haha. I thought it wasn't you. He wanted me to join a group for referals or something, and sent me to this one website that asked for my Steam account name and password. I entered them, but not before changing my password.
Then I changed it back. Stupid noobs thinking they can hack me.
@deathrow-can you contact valve or anything?
-
- 2008 Most Original Avatar
- Posts: 3096
- Joined: Sun Aug 20, 2006 5:55 pm
- Projects :: No Mod project currently.
- xbox live or psn: No gamertag set
- Location: X-Fire: caleb1117 ಠ_ಠ
Re: Steam Hacked
Got me too.
I sent off an Email to Valve with my L4D CD key, + image.
Should have noticed the .tr on the end of the URL.
I sent off an Email to Valve with my L4D CD key, + image.
Should have noticed the .tr on the end of the URL.
-
- Sith
- Posts: 1304
- Joined: Fri Feb 03, 2006 12:16 am
- Contact:
Re: Steam Hacked
I swear that was you! I didn't type in anything and changed my security pass, so no problems here... :S (I got a phishing alert from the link-i still have the link)Caleb1117 wrote:Got me too.
I sent off an Email to Valve with my L4D CD key, + image.
Should have noticed the .tr on the end of the URL.
-
- 2008 Most Original Avatar
- Posts: 3096
- Joined: Sun Aug 20, 2006 5:55 pm
- Projects :: No Mod project currently.
- xbox live or psn: No gamertag set
- Location: X-Fire: caleb1117 ಠ_ಠ
Re: Steam Hacked
Yea, that's the last time I ignore Firefox.Ipodzanyman wrote:I swear that was you! I didn't type in anything and changed my security pass, so no problems here... :S (I got a phishing alert from the link-i still have the link)Caleb1117 wrote:Got me too.
I sent off an Email to Valve with my L4D CD key, + image.
Should have noticed the .tr on the end of the URL.
-
- Jedi Admin
- Posts: 2541
- Joined: Sun Mar 05, 2006 12:00 am
- Location: Australia
Re: Steam Hacked
Hijacked, not hacked. Learn your terms please.
An example of actual hacking, and for the sake of ontopicness, would be the TF2 incident where many users unlocked all achievements and unlockable weapons on their accounts. That was done by using an external program / and by modifying some of TF2 and steams ASPs to send the steam servers false information, telling the servers that the user had unlocked all their achievements.
To actually directly hack a steam account, the hacker would have to break into steams ACP, databases, or servers, or even modify their steam client to retrieve account information or change it. An indirect way would be packet sniffing the victim, sending them a key logger, or social engineering (Which has been done in this case.) etc. These indirect ways would only give the 'hacker' the users real account information, that they would then use to hijack the account.
--------------------------------------------------------------------------------------------
If you do get hijacked, contact Steam Support, its very easy to get back your account as long as you have proof of purchase (EG: CD keys).
Worst thing a hijacker could do is get your account VAC2 banned.
Never, ever, give out your passwords or enter them anywhere. Always use different passwords for different sites and check URLs for fishy links. If you had not entered your passwords anywhere then do a scan for spyware/keyloggers.
Steam never needs your password unless your logging into Steam, through the Steam program. All different subsidiaries of steam use different accounts and information, They encourage you to use different account names and passwords.
If any site claims to give you free games, cd keys, etc and require you to enter your steam username / password, they are fake. Steam does not require you to enter your account information. Steam uses Protocols in the browser to add games / cd keys directly to the account logged in with steam at the current time. They do not require your information.
hijackers / phishers are no way new to Steam. There are hundreds of bots, or devious users on steam regularly farming account information from users silly enough to allow them to. There are many ways they try to phish your information, most of the time its in a form of sending you a link to sites that claim to give you free steam games. Or requiring you to enter your account information in chat to validate some bogus reason.
Here's an example of one of the many phisher bots that tried to phish me.
Some things wrong with that chat, Ill point out the obvious; 1: Unicode in the name. 2: Asking for account information from a possibly hijacked account? If your account was hijacked, the hijacker would obviously know your account information. 3: At the top of EVERY chat window, is Never tell your password to anyone., that even links to this page; https://support.steampowered.com/kb_art ... _faqid=301.
Once a phisher or bot has hijacked someone's account, they use the new account to spread the scam to anyone on the victims friends list. And occasionally go through small steam groups as well. Once they've done that they either try to sell the account online, or simply leave the account unusable.
Most of the time if its just a devious user, its someone trying to harm other people by taking their account. A lot of the time its someone the victim already knows and has somehow angered, (or the hijacker is just angry for some unknown reason.). Most of the time, these users will try to use the account as their own. Recreating the friends list and steam profile. Try to get the account VAC2 banned so its no longer usable by the original owner. Or rarely give the account back to the victim if they feel sorry. (A few of my steam friends have done that to other friends that annoyed them.).
Quick little addition to the free stuff scams is that there is one around where the scammer gives you an account with games on it already (Either a newly created account or hijacked one with a game added by the hijacker.). They wait for you to buy new steam games for that account, then try to claim that account back through steam support as a hijacked account using the CD key that they added to the account, Then they repeat the process until Steam disables the account.
Almost all hijacked accounts are achieved through social engineering. The remainder are done from guessing your password, or brute force (Brute Force is by systematically going through possible passwords until they get one that's right.) EG:
a
b
c
d
...
aa
ab
ac
ad
etc.
An example of actual hacking, and for the sake of ontopicness, would be the TF2 incident where many users unlocked all achievements and unlockable weapons on their accounts. That was done by using an external program / and by modifying some of TF2 and steams ASPs to send the steam servers false information, telling the servers that the user had unlocked all their achievements.
To actually directly hack a steam account, the hacker would have to break into steams ACP, databases, or servers, or even modify their steam client to retrieve account information or change it. An indirect way would be packet sniffing the victim, sending them a key logger, or social engineering (Which has been done in this case.) etc. These indirect ways would only give the 'hacker' the users real account information, that they would then use to hijack the account.
--------------------------------------------------------------------------------------------
If you do get hijacked, contact Steam Support, its very easy to get back your account as long as you have proof of purchase (EG: CD keys).
Worst thing a hijacker could do is get your account VAC2 banned.
Never, ever, give out your passwords or enter them anywhere. Always use different passwords for different sites and check URLs for fishy links. If you had not entered your passwords anywhere then do a scan for spyware/keyloggers.
Steam never needs your password unless your logging into Steam, through the Steam program. All different subsidiaries of steam use different accounts and information, They encourage you to use different account names and passwords.
If any site claims to give you free games, cd keys, etc and require you to enter your steam username / password, they are fake. Steam does not require you to enter your account information. Steam uses Protocols in the browser to add games / cd keys directly to the account logged in with steam at the current time. They do not require your information.
hijackers / phishers are no way new to Steam. There are hundreds of bots, or devious users on steam regularly farming account information from users silly enough to allow them to. There are many ways they try to phish your information, most of the time its in a form of sending you a link to sites that claim to give you free steam games. Or requiring you to enter your account information in chat to validate some bogus reason.
Here's an example of one of the many phisher bots that tried to phish me.
You can easily notice so many errors with that. These scams only work by making the end user scared and more likely to give out information. (Or by offering free stuff.)Never tell your password to anyone.
3:29 PM - Stεam Automated Validation : Hello, Steam™ Automated Account Services received a support ticket ID:(207134) regarding the original ownership of this account. Steam Powered© has also detected various IP's logging into this account, and without verification, this account is in danger of being shut down within 24 hours. For verification of ownership and full control, please state your Account Name/Password. Thank you, and for any questions please refer to http://www.steampowered.com, or type !help for operative assistance.
3:30 PM - Stεam Automated Validation : Your account is still awaiting validation. Please state your username/password to gain full access to your account. If ownership is not verified, your account will be shut down in 24 hours. If you are experiencing problems or difficulties, type !help for operative assistance.
3:30 PM - FlyGemma :Þ: q.q bots make me saaaaaaaaaaad. Reported.
3:31 PM - Stεam Automated Validation : Query failed (at: 263x16496000)
3:31 PM - Stεam Automated Validation : We're sorry to inform you that the entered information was denied by our system. Please check for formatting errors. NOTE: Correct capitalization is required in both fields.
3:31 PM - FlyGemma :Þ: Account name LOL: Account password: WUT
3:31 PM - FlyGemma :Þ: Roflcaeks.
<Insert 30 minutes of macro notification popup spam from me>. GG phisher
Some things wrong with that chat, Ill point out the obvious; 1: Unicode in the name. 2: Asking for account information from a possibly hijacked account? If your account was hijacked, the hijacker would obviously know your account information. 3: At the top of EVERY chat window, is Never tell your password to anyone., that even links to this page; https://support.steampowered.com/kb_art ... _faqid=301.
Once a phisher or bot has hijacked someone's account, they use the new account to spread the scam to anyone on the victims friends list. And occasionally go through small steam groups as well. Once they've done that they either try to sell the account online, or simply leave the account unusable.
Most of the time if its just a devious user, its someone trying to harm other people by taking their account. A lot of the time its someone the victim already knows and has somehow angered, (or the hijacker is just angry for some unknown reason.). Most of the time, these users will try to use the account as their own. Recreating the friends list and steam profile. Try to get the account VAC2 banned so its no longer usable by the original owner. Or rarely give the account back to the victim if they feel sorry. (A few of my steam friends have done that to other friends that annoyed them.).
Quick little addition to the free stuff scams is that there is one around where the scammer gives you an account with games on it already (Either a newly created account or hijacked one with a game added by the hijacker.). They wait for you to buy new steam games for that account, then try to claim that account back through steam support as a hijacked account using the CD key that they added to the account, Then they repeat the process until Steam disables the account.
Almost all hijacked accounts are achieved through social engineering. The remainder are done from guessing your password, or brute force (Brute Force is by systematically going through possible passwords until they get one that's right.) EG:
a
b
c
d
...
aa
ab
ac
ad
etc.
-
- Master Bounty Hunter
- Posts: 1561
- Joined: Fri Feb 24, 2006 5:55 am
- Projects :: None.
- xbox live or psn: No gamertag set
- Location: Aussieland.
Re: Steam Hacked
I took pics of my L4D CD Key and started a ticket, so I may get it back.
-
- Sith
- Posts: 1262
- Joined: Fri Nov 30, 2007 9:40 pm
Re: Steam Hacked
This was the link if anyone wants to know.
-REMOVED-
Staff: Please do not link or share links to social engineering sites. While some of them require the user to enter their information, some simply only need the user to visit the site to exploit the users cookies and take their information, If you had recently logged into the steam forums with an account using the same account information as your STEAM account, they could take your steam account with that. - Penguin
If the acclaimed "DeathRow" gets on again, I'm going to spam him.
And if it is you, DeathRow, sorry.
-REMOVED-
Staff: Please do not link or share links to social engineering sites. While some of them require the user to enter their information, some simply only need the user to visit the site to exploit the users cookies and take their information, If you had recently logged into the steam forums with an account using the same account information as your STEAM account, they could take your steam account with that. - Penguin
If the acclaimed "DeathRow" gets on again, I'm going to spam him.
And if it is you, DeathRow, sorry.
-
- Lieutenant Colonel
- Posts: 539
- Joined: Fri Jun 08, 2007 1:18 am
- Projects :: Various Stuff- Weapon models. UDK Stuff
- xbox live or psn: Vintage Tagious
- Location: Terra Firma, Sol System; Milky Way
Re: Steam Hacked
This should be stickied or placed under Everything you need to know.
Also, if Valve does contact people (big if) there are far more official ways of doing so. The validation example Penguin posted (if they need one) would always be sent by companies through email, and it would never ask for user name/password. Or for larger, multi-user issues they would use the News feature.
@Fingerfood: Don't flame the troll, ignore him, and don't respond until Deathrow tells us himself on GT he's back on steam with his account.
Also, if Valve does contact people (big if) there are far more official ways of doing so. The validation example Penguin posted (if they need one) would always be sent by companies through email, and it would never ask for user name/password. Or for larger, multi-user issues they would use the News feature.
@Fingerfood: Don't flame the troll, ignore him, and don't respond until Deathrow tells us himself on GT he's back on steam with his account.
-
- Jedi Admin
- Posts: 2541
- Joined: Sun Mar 05, 2006 12:00 am
- Location: Australia
Re: Steam Hacked
Not trolling... Trolling is if the user is intentionally trying to provoke other users into a "flame war". Hijacking isn't trolling.VF501 wrote:@Fingerfood: Don't flame the troll, ignore him, and don't respond until Deathrow tells us himself on GT he's back on steam with his account.
-
- Lieutenant Colonel
- Posts: 539
- Joined: Fri Jun 08, 2007 1:18 am
- Projects :: Various Stuff- Weapon models. UDK Stuff
- xbox live or psn: Vintage Tagious
- Location: Terra Firma, Sol System; Milky Way
Re: Steam Hacked
"Don't Flame the Troll"
Lol I know what trolling is, just using a "generic" internet expression/meme at this point.
Lol I know what trolling is, just using a "generic" internet expression/meme at this point.
-
- 2008 Most Original Avatar
- Posts: 3096
- Joined: Sun Aug 20, 2006 5:55 pm
- Projects :: No Mod project currently.
- xbox live or psn: No gamertag set
- Location: X-Fire: caleb1117 ಠ_ಠ
Re: Steam Hacked
I better not be VAC Banned. I had just activated a TF2 guest pass, the clock is ticking.Penguin wrote:
Worst thing a hijacker could do is get your account VAC2 banned.
-
- Jedi Admin
- Posts: 2541
- Joined: Sun Mar 05, 2006 12:00 am
- Location: Australia
Re: Steam Hacked
You wont know for a few weeks - few months.Caleb1117 wrote:I better not be VAC Banned. I had just activated a TF2 guest pass, the clock is ticking.Penguin wrote:
Worst thing a hijacker could do is get your account VAC2 banned.
- plasmoidmonkey
- 2nd Lieutenant
- Posts: 418
- Joined: Wed Sep 13, 2006 6:47 pm
- Projects :: No Mod project currently.
- xbox live or psn: No gamertag set
- Location: I pay no heed to the limits of space-time.
Re: Steam Hacked
If anyone gets a message from me, ignore it. My account's been hijacked too. Hebes24's has as well.
-
- Sith Master
- Posts: 2594
- Joined: Sat Jun 03, 2006 5:15 pm
- Projects :: No Mod project currently.
- xbox live or psn: No gamertag set
- Location: In An Epic Space Battle!
- Contact:
Re: Steam Hijacked
Yeah, if I IM you over steam, it's not really me!
And I got it from Caleb/IronFist.
Are these CD keys the confirmation codes on the online/E-mail receipts? If not, where do I find them?
Edit: Never mind. I sent in a ticket with another type of info they said was also OK. Hopefully I can get it beck.
And I got it from Caleb/IronFist.
Are these CD keys the confirmation codes on the online/E-mail receipts? If not, where do I find them?
Edit: Never mind. I sent in a ticket with another type of info they said was also OK. Hopefully I can get it beck.
-
- Sith
- Posts: 1262
- Joined: Fri Nov 30, 2007 9:40 pm
Re: Steam Hijacked
Oh mah gosh. DeathRow just came on. Contemplating confrontation...
Really sorry about those who got their accounts hijacked. You shoulda been uber paranoid like me and changed your password a few times before entering it in.
EDIT:
Apparently the hijacker sold DeathRow's account.
http://steamcommunity.com/profiles/76561197995428326
And Caleb's:
http://steamcommunity.com/profiles/76561197997017944
Really sorry about those who got their accounts hijacked. You shoulda been uber paranoid like me and changed your password a few times before entering it in.
EDIT:
Apparently the hijacker sold DeathRow's account.
http://steamcommunity.com/profiles/76561197995428326
And Caleb's:
http://steamcommunity.com/profiles/76561197997017944
-
- Sith Master
- Posts: 2594
- Joined: Sat Jun 03, 2006 5:15 pm
- Projects :: No Mod project currently.
- xbox live or psn: No gamertag set
- Location: In An Epic Space Battle!
- Contact:
Re: Steam Hijacked
That son of a....
*gets sniper rifle*
*gets sniper rifle*
-
- 2008 Most Original Avatar
- Posts: 3096
- Joined: Sun Aug 20, 2006 5:55 pm
- Projects :: No Mod project currently.
- xbox live or psn: No gamertag set
- Location: X-Fire: caleb1117 ಠ_ಠ
Re: Steam Hijacked
WHAT!?!Fingerfood wrote:Oh mah gosh. DeathRow just came on. Contemplating confrontation...
Really sorry about those who got their accounts hijacked. You shoulda been uber paranoid like me and changed your password a few times before entering it in.
EDIT:
Apparently the hijacker sold DeathRow's account.
http://steamcommunity.com/profiles/76561197995428326
And Caleb's:
http://steamcommunity.com/profiles/76561197997017944
Piece of *expletive*
I guess they still can't do much damage, maybe if I'm really lucky they will buy a game for me.
I had to edit my Steam support submition, because I didn't write the ticket number above my CD key in the picture. I'm not that impressed with the service, took me awhile to figure out what they wanted me to do, and I still got it wrong. I'm at the 24 hour mark.