Steam Hijacked

Anything Steam or Source related! Show your off your SDK work, mods, etc here, found a fun SourceMod? Post about it here as well!

Moderator: Moderators

Master Bounty Hunter
User avatar
Posts: 1593
Joined: Fri Feb 24, 2006 5:55 am
Location: Aussieland.
Projects :: None.
Games I'm Playing :: Life
xbox live or psn: No gamertag set

Steam Hijacked

Postby DeathRow » Sun May 03, 2009 9:52 pm

My steam account was Hijacked by someone on my friend's list under the name Ripzor, so if you receive any messages from my account it isn't me.

:cry:

I sent a ticket with my L4D Key pictures etc, so there is a possibility of getting it back.

EDIT: >>Scroll down and read my Post<< - Penguin

2008 Most Technically Challenging Avatar
User avatar
Posts: 2376
Joined: Tue Feb 12, 2008 7:46 pm
Location: NJ, USA
Projects :: No Mod project currently.
Games I'm Playing :: League of Legends
xbox live or psn: No gamertag set

Re: Steam Hacked

Postby obiboba3po » Sun May 03, 2009 9:54 pm

DeathRow wrote:My steam account was hacked by someone on my friend's list under the name Ripzor, so if you receive any messages from my account it isn't me.

:cry:

I sent a ticket with my L4D Key pictures etc, so there is a possibility of getting it back.

this is probably completely unrelated/coincidental but on bfheroes some guy was talking about their steam account also getting hacked. the only thing you could gather from his and your incident i suppose is that some hacker is out there..

Sith
Posts: 1323
Joined: Fri Nov 30, 2007 9:40 pm

Re: Steam Hacked

Postby Fingerfood » Sun May 03, 2009 9:57 pm

Haha. I thought it wasn't you. He wanted me to join a group for referals or something, and sent me to this one website that asked for my Steam account name and password. I entered them, but not before changing my password.

Then I changed it back. Stupid noobs thinking they can hack me. :P

2008 Most Technically Challenging Avatar
User avatar
Posts: 2376
Joined: Tue Feb 12, 2008 7:46 pm
Location: NJ, USA
Projects :: No Mod project currently.
Games I'm Playing :: League of Legends
xbox live or psn: No gamertag set

Re: Steam Hacked

Postby obiboba3po » Sun May 03, 2009 9:59 pm

Fingerfood wrote:Haha. I thought it wasn't you. He wanted me to join a group for referals or something, and sent me to this one website that asked for my Steam account name and password. I entered them, but not before changing my password.

Then I changed it back. Stupid noobs thinking they can hack me. :P

lol guess thats the best prevention from "nub hacking" then? :P
@deathrow-can you contact valve or anything?

2008 Most Original Avatar
User avatar
Posts: 3101
Joined: Sun Aug 20, 2006 5:55 pm
Location: X-Fire: caleb1117 ಠ_ಠ
Projects :: No Mod project currently.
xbox live or psn: No gamertag set

Re: Steam Hacked

Postby Caleb1117 » Sun May 03, 2009 10:26 pm

Got me too. :x

I sent off an Email to Valve with my L4D CD key, + image.

Should have noticed the .tr on the end of the URL.

Sith
User avatar
Posts: 1310
Joined: Fri Feb 03, 2006 12:16 am
Games I'm Playing :: ME3 Demo

Re: Steam Hacked

Postby Ipodzanyman » Sun May 03, 2009 10:43 pm

Caleb1117 wrote:Got me too. :x

I sent off an Email to Valve with my L4D CD key, + image.

Should have noticed the .tr on the end of the URL.


I swear that was you! I didn't type in anything and changed my security pass, so no problems here... :S (I got a phishing alert from the link-i still have the link)

2008 Most Original Avatar
User avatar
Posts: 3101
Joined: Sun Aug 20, 2006 5:55 pm
Location: X-Fire: caleb1117 ಠ_ಠ
Projects :: No Mod project currently.
xbox live or psn: No gamertag set

Re: Steam Hacked

Postby Caleb1117 » Sun May 03, 2009 10:47 pm

Ipodzanyman wrote:
Caleb1117 wrote:Got me too. :x

I sent off an Email to Valve with my L4D CD key, + image.

Should have noticed the .tr on the end of the URL.


I swear that was you! I didn't type in anything and changed my security pass, so no problems here... :S (I got a phishing alert from the link-i still have the link)


Yea, that's the last time I ignore Firefox.

Jedi Admin (Formally Penguin)
User avatar
Posts: 2537
Joined: Sun Mar 05, 2006 12:00 am
Location: 127.0.0.1
Projects :: Operation Katana [SWBF 2 Map Series]
Games I'm Playing :: Minecraft GMod CSS

Re: Steam Hacked

Postby Kateana » Sun May 03, 2009 11:07 pm

Hijacked, not hacked. Learn your terms please.

An example of actual hacking, and for the sake of ontopicness, would be the TF2 incident where many users unlocked all achievements and unlockable weapons on their accounts. That was done by using an external program / and by modifying some of TF2 and steams ASPs to send the steam servers false information, telling the servers that the user had unlocked all their achievements.

To actually directly hack a steam account, the hacker would have to break into steams ACP, databases, or servers, or even modify their steam client to retrieve account information or change it. An indirect way would be packet sniffing the victim, sending them a key logger, or social engineering (Which has been done in this case.) etc. These indirect ways would only give the 'hacker' the users real account information, that they would then use to hijack the account.
--------------------------------------------------------------------------------------------

If you do get hijacked, contact Steam Support, its very easy to get back your account as long as you have proof of purchase (EG: CD keys).

Worst thing a hijacker could do is get your account VAC2 banned.

Never, ever, give out your passwords or enter them anywhere. Always use different passwords for different sites and check URLs for fishy links. If you had not entered your passwords anywhere then do a scan for spyware/keyloggers.

Steam never needs your password unless your logging into Steam, through the Steam program. All different subsidiaries of steam use different accounts and information, They encourage you to use different account names and passwords.

If any site claims to give you free games, cd keys, etc and require you to enter your steam username / password, they are fake. Steam does not require you to enter your account information. Steam uses Protocols in the browser to add games / cd keys directly to the account logged in with steam at the current time. They do not require your information.

hijackers / phishers are no way new to Steam. There are hundreds of bots, or devious users on steam regularly farming account information from users silly enough to allow them to. There are many ways they try to phish your information, most of the time its in a form of sending you a link to sites that claim to give you free steam games. Or requiring you to enter your account information in chat to validate some bogus reason.

Here's an example of one of the many phisher bots that tried to phish me.

Never tell your password to anyone.
3:29 PM - Stεam Automated Validation : Hello, Steam™ Automated Account Services received a support ticket ID:(207134) regarding the original ownership of this account. Steam Powered© has also detected various IP's logging into this account, and without verification, this account is in danger of being shut down within 24 hours. For verification of ownership and full control, please state your Account Name/Password. Thank you, and for any questions please refer to http://www.steampowered.com, or type !help for operative assistance.
3:30 PM - Stεam Automated Validation : Your account is still awaiting validation. Please state your username/password to gain full access to your account. If ownership is not verified, your account will be shut down in 24 hours. If you are experiencing problems or difficulties, type !help for operative assistance.
3:30 PM - FlyGemma :Þ: q.q bots make me saaaaaaaaaaad. Reported.
3:31 PM - Stεam Automated Validation : Query failed (at: 263x16496000)
3:31 PM - Stεam Automated Validation : We're sorry to inform you that the entered information was denied by our system. Please check for formatting errors. NOTE: Correct capitalization is required in both fields.
3:31 PM - FlyGemma :Þ: Account name LOL: Account password: WUT
3:31 PM - FlyGemma :Þ: Roflcaeks.
<Insert 30 minutes of macro notification popup spam from me>. GG phisher :D


You can easily notice so many errors with that. These scams only work by making the end user scared and more likely to give out information. (Or by offering free stuff.)

Some things wrong with that chat, Ill point out the obvious; 1: Unicode in the name. 2: Asking for account information from a possibly hijacked account? If your account was hijacked, the hijacker would obviously know your account information. 3: At the top of EVERY chat window, is Never tell your password to anyone., that even links to this page; https://support.steampowered.com/kb_art ... _faqid=301.
Once a phisher or bot has hijacked someone's account, they use the new account to spread the scam to anyone on the victims friends list. And occasionally go through small steam groups as well. Once they've done that they either try to sell the account online, or simply leave the account unusable.

Most of the time if its just a devious user, its someone trying to harm other people by taking their account. A lot of the time its someone the victim already knows and has somehow angered, (or the hijacker is just angry for some unknown reason.). Most of the time, these users will try to use the account as their own. Recreating the friends list and steam profile. Try to get the account VAC2 banned so its no longer usable by the original owner. Or rarely give the account back to the victim if they feel sorry. (A few of my steam friends have done that to other friends that annoyed them.).

Quick little addition to the free stuff scams is that there is one around where the scammer gives you an account with games on it already (Either a newly created account or hijacked one with a game added by the hijacker.). They wait for you to buy new steam games for that account, then try to claim that account back through steam support as a hijacked account using the CD key that they added to the account, Then they repeat the process until Steam disables the account.

Almost all hijacked accounts are achieved through social engineering. The remainder are done from guessing your password, or brute force (Brute Force is by systematically going through possible passwords until they get one that's right.) EG:

a
b
c
d
...
aa
ab
ac
ad

etc.

Master Bounty Hunter
User avatar
Posts: 1593
Joined: Fri Feb 24, 2006 5:55 am
Location: Aussieland.
Projects :: None.
Games I'm Playing :: Life
xbox live or psn: No gamertag set

Re: Steam Hacked

Postby DeathRow » Sun May 03, 2009 11:34 pm

I took pics of my L4D CD Key and started a ticket, so I may get it back.

Sith
Posts: 1323
Joined: Fri Nov 30, 2007 9:40 pm

Re: Steam Hacked

Postby Fingerfood » Sun May 03, 2009 11:40 pm

This was the link if anyone wants to know.

-REMOVED-
Staff: Please do not link or share links to social engineering sites. While some of them require the user to enter their information, some simply only need the user to visit the site to exploit the users cookies and take their information, If you had recently logged into the steam forums with an account using the same account information as your STEAM account, they could take your steam account with that. - Penguin


If the acclaimed "DeathRow" gets on again, I'm going to spam him.

And if it is you, DeathRow, sorry. :P

Lieutenant Colonel
User avatar
Posts: 539
Joined: Fri Jun 08, 2007 1:18 am
Location: Terra Firma, Sol System; Milky Way
Projects :: Various Stuff- Weapon models. UDK Stuff
Games I'm Playing :: Fallout New Vegas
xbox live or psn: Vintage Tagious

Re: Steam Hacked

Postby VF501 » Sun May 03, 2009 11:45 pm

This should be stickied or placed under Everything you need to know.

Also, if Valve does contact people (big if) there are far more official ways of doing so. The validation example Penguin posted (if they need one) would always be sent by companies through email, and it would never ask for user name/password. Or for larger, multi-user issues they would use the News feature.

@Fingerfood: Don't flame the troll, ignore him, and don't respond until Deathrow tells us himself on GT he's back on steam with his account.

Jedi Admin (Formally Penguin)
User avatar
Posts: 2537
Joined: Sun Mar 05, 2006 12:00 am
Location: 127.0.0.1
Projects :: Operation Katana [SWBF 2 Map Series]
Games I'm Playing :: Minecraft GMod CSS

Re: Steam Hacked

Postby Kateana » Mon May 04, 2009 12:04 am

VF501 wrote:@Fingerfood: Don't flame the troll, ignore him, and don't respond until Deathrow tells us himself on GT he's back on steam with his account.


Not trolling... :lol: Trolling is if the user is intentionally trying to provoke other users into a "flame war". Hijacking isn't trolling.

Lieutenant Colonel
User avatar
Posts: 539
Joined: Fri Jun 08, 2007 1:18 am
Location: Terra Firma, Sol System; Milky Way
Projects :: Various Stuff- Weapon models. UDK Stuff
Games I'm Playing :: Fallout New Vegas
xbox live or psn: Vintage Tagious

Re: Steam Hacked

Postby VF501 » Mon May 04, 2009 12:12 am

"Don't Flame the Troll"

Lol I know what trolling is, just using a "generic" internet expression/meme at this point.

2008 Most Original Avatar
User avatar
Posts: 3101
Joined: Sun Aug 20, 2006 5:55 pm
Location: X-Fire: caleb1117 ಠ_ಠ
Projects :: No Mod project currently.
xbox live or psn: No gamertag set

Re: Steam Hacked

Postby Caleb1117 » Mon May 04, 2009 7:06 am

Penguin wrote:
Worst thing a hijacker could do is get your account VAC2 banned.



I better not be VAC Banned. I had just activated a TF2 guest pass, the clock is ticking.

Jedi Admin (Formally Penguin)
User avatar
Posts: 2537
Joined: Sun Mar 05, 2006 12:00 am
Location: 127.0.0.1
Projects :: Operation Katana [SWBF 2 Map Series]
Games I'm Playing :: Minecraft GMod CSS

Re: Steam Hacked

Postby Kateana » Mon May 04, 2009 7:06 am

Caleb1117 wrote:
Penguin wrote:
Worst thing a hijacker could do is get your account VAC2 banned.



I better not be VAC Banned. I had just activated a TF2 guest pass, the clock is ticking.


You wont know for a few weeks - few months.

1st Lieutenant
User avatar
Posts: 431
Joined: Wed Sep 13, 2006 6:47 pm
Location: I pay no heed to the limits of space-time.

Re: Steam Hacked

Postby plasmoidmonkey » Mon May 04, 2009 7:39 am

If anyone gets a message from me, ignore it. My account's been hijacked too. Hebes24's has as well.

Sith Master
User avatar
Posts: 2652
Joined: Sat Jun 03, 2006 5:15 pm
Location: In An Epic Space Battle!

Re: Steam Hijacked

Postby Hebes24 » Mon May 04, 2009 3:11 pm

Yeah, if I IM you over steam, it's not really me!

And I got it from Caleb/IronFist.

Are these CD keys the confirmation codes on the online/E-mail receipts? If not, where do I find them?

Edit: Never mind. I sent in a ticket with another type of info they said was also OK. Hopefully I can get it beck.

Sith
Posts: 1323
Joined: Fri Nov 30, 2007 9:40 pm

Re: Steam Hijacked

Postby Fingerfood » Mon May 04, 2009 5:47 pm

Oh mah gosh. DeathRow just came on. Contemplating confrontation... :wink:

Really sorry about those who got their accounts hijacked. You shoulda been uber paranoid like me and changed your password a few times before entering it in. :P

EDIT:
Apparently the hijacker sold DeathRow's account.

http://steamcommunity.com/profiles/76561197995428326

And Caleb's:

http://steamcommunity.com/profiles/76561197997017944

Sith Master
User avatar
Posts: 2652
Joined: Sat Jun 03, 2006 5:15 pm
Location: In An Epic Space Battle!

Re: Steam Hijacked

Postby Hebes24 » Mon May 04, 2009 7:18 pm

That son of a....

*gets sniper rifle*

2008 Most Original Avatar
User avatar
Posts: 3101
Joined: Sun Aug 20, 2006 5:55 pm
Location: X-Fire: caleb1117 ಠ_ಠ
Projects :: No Mod project currently.
xbox live or psn: No gamertag set

Re: Steam Hijacked

Postby Caleb1117 » Mon May 04, 2009 9:20 pm

Fingerfood wrote:Oh mah gosh. DeathRow just came on. Contemplating confrontation... :wink:

Really sorry about those who got their accounts hijacked. You shoulda been uber paranoid like me and changed your password a few times before entering it in. :P

EDIT:
Apparently the hijacker sold DeathRow's account.

http://steamcommunity.com/profiles/76561197995428326

And Caleb's:

http://steamcommunity.com/profiles/76561197997017944


WHAT!?!

Piece of *expletive*
I guess they still can't do much damage, maybe if I'm really lucky they will buy a game for me.

I had to edit my Steam support submition, because I didn't write the ticket number above my CD key in the picture. :roll: I'm not that impressed with the service, took me awhile to figure out what they wanted me to do, and I still got it wrong. I'm at the 24 hour mark.

Next

Return to Steam Games

Who is online

Users browsing this forum: No registered users and 3 guests