Hijacked, not hacked. Learn your terms please.
An example of actual hacking, and for the sake of ontopicness, would be the TF2 incident where many users unlocked all achievements and unlockable weapons on their accounts. That was done by using an external program / and by modifying some of TF2 and steams ASPs to send the steam servers false information, telling the servers that the user had unlocked all their achievements.
To actually directly hack a steam account, the hacker would have to break into steams ACP, databases, or servers, or even modify their steam client to retrieve account information or change it. An indirect way would be packet sniffing the victim, sending them a key logger, or social engineering (Which has been done in this case.) etc. These indirect ways would only give the 'hacker' the users real account information, that they would then use to
hijack the account.
--------------------------------------------------------------------------------------------
If you do get hijacked, contact
Steam Support, its very easy to get back your account as long as you have proof of purchase (EG: CD keys).
Worst thing a hijacker could do is get your account VAC2 banned.
Never, ever, give out your passwords or enter them anywhere. Always use different passwords for different sites and check URLs for fishy links. If you had not entered your passwords anywhere then do a scan for spyware/keyloggers.
Steam never needs your password unless your logging into Steam, through the Steam program. All different subsidiaries of steam use different accounts and information, They encourage you to use different account names and passwords.
If any site claims to give you free games, cd keys, etc and require you to enter your steam username / password, they are fake. Steam does not require you to enter your account information. Steam uses Protocols in the browser to add games / cd keys directly to the account logged in with steam at the current time. They do not require your information.
hijackers / phishers are no way new to Steam. There are hundreds of bots, or devious users on steam regularly farming account information from users silly enough to allow them to. There are many ways they try to phish your information, most of the time its in a form of sending you a link to sites that claim to give you free steam games. Or requiring you to enter your account information in chat to validate some bogus reason.
Here's an example of one of the many phisher bots that tried to phish me.
Never tell your password to anyone.
3:29 PM - Stεam Automated Validation : Hello, Steam™ Automated Account Services received a support ticket ID:(207134) regarding the original ownership of this account. Steam Powered© has also detected various IP's logging into this account, and without verification, this account is in danger of being shut down within 24 hours. For verification of ownership and full control, please state your Account Name/Password. Thank you, and for any questions please refer to
http://www.steampowered.com, or type !help for operative assistance.
3:30 PM - Stεam Automated Validation : Your account is still awaiting validation. Please state your username/password to gain full access to your account. If ownership is not verified, your account will be shut down in 24 hours. If you are experiencing problems or difficulties, type !help for operative assistance.
3:30 PM - FlyGemma :Þ: q.q bots make me saaaaaaaaaaad. Reported.
3:31 PM - Stεam Automated Validation : Query failed (at: 263x16496000)
3:31 PM - Stεam Automated Validation : We're sorry to inform you that the entered information was denied by our system. Please check for formatting errors. NOTE: Correct capitalization is required in both fields.
3:31 PM - FlyGemma :Þ: Account name LOL: Account password: WUT
3:31 PM - FlyGemma :Þ: Roflcaeks.
<Insert 30 minutes of macro notification popup spam from me>. GG phisher
You can easily notice so many errors with that. These scams only work by making the end user scared and more likely to give out information. (Or by offering free stuff.)
Some things wrong with that chat, Ill point out the obvious; 1: Unicode in the name. 2: Asking for account information from a possibly hijacked account? If your account was hijacked, the hijacker would obviously know your account information. 3: At the top of EVERY chat window, is
Never tell your password to anyone., that even links to this page;
https://support.steampowered.com/kb_art ... _faqid=301.
Once a phisher or bot has hijacked someone's account, they use the new account to spread the scam to anyone on the victims friends list. And occasionally go through small steam groups as well. Once they've done that they either try to sell the account online, or simply leave the account unusable.
Most of the time if its just a devious user, its someone trying to harm other people by taking their account. A lot of the time its someone the victim already knows and has somehow angered, (or the hijacker is just angry for some unknown reason.). Most of the time, these users will try to use the account as their own. Recreating the friends list and steam profile. Try to get the account VAC2 banned so its no longer usable by the original owner. Or rarely give the account back to the victim if they feel sorry. (A few of my steam friends have done that to other friends that annoyed them.).
Quick little addition to the free stuff scams is that there is one around where the scammer gives you an account with games on it already (Either a newly created account or hijacked one with a game added by the hijacker.). They wait for you to buy new steam games for that account, then try to claim that account back through steam support as a hijacked account using the CD key that they added to the account, Then they repeat the process until Steam disables the account.
Almost all hijacked accounts are achieved through social engineering. The remainder are done from guessing your password, or brute force (Brute Force is by systematically going through possible passwords until they get one that's right.) EG:
a
b
c
d
...
aa
ab
ac
ad
etc.