Steam security breach question from PROS! First problem I had had online in 7 years

T

TheDarkTao

Gawd
Joined
Feb 5, 2005
Messages
800
I have no idea if this is serious or not... :confused:

But I recently got a message from steam someone is trying to access my steam account from an address is Russia. :mad:

Obviously... since I am sitting here in California it does not look right. The message gave me a steam guard code to enter to authorize. Obviously I did not! I thought... shit maybe the E-mail was a scam f*** did I click something... but I double checked and it was in fact from Valve legit. Then I logged in on my PC and it asked if someone accessed my account from Russia.

I was wondering a few things if anyone here knows...

1) Does that mean they knew my password? Or does it just mean they made random guesses to try and access my steam account from Russia?:confused:

2) When I logged in the second time... I thought it said someone HAD accessed my account. Does that mean they somehow got access to my E-mail?:eek:

3) If they got access to my steam account, can you get access to the credit card through there?:mad:

Thanks... I am still trying to figure out how someone got this info... I am pretty good with online security. Truly do appreciate any help anyone could offer!
 
Had your password.

Not sure how they got it but most likely they compromised a site you had same password from a site you also used

Don't think they could get cc from steam. Go look but sounds like steam guard caught. Either way change your password now and don't use it on any othe sites
 
I am not a security expert or analyst, but I have noticed that Steam does not seem to ever display more than the last two digits of your credit card number, even when you go to Settings > View Account Details. If they are being smart about it, the full number shouldn't be stored anywhere on the client side.
 
They probably got a hold of your password but couldn't log in from their machine because of Steam Guard. Steam Guard sent you the e-mail with the code to let you know so you could make a decision. If your e-mail password was different from Steam then the likelihood that they accessed your Steam account is probably small. These social engineers usually are just crawling accounts to see if anyone has left the doors unlocked and won't go through the trouble of hacking the locks to get in.

Just to be safe I would update your security credentials after scanning your computer for viruses and malware.
 
was your email and steam passwords the same? Golden rule is your email password should never be the same as any other passwords you use. Preferably a unique password for each thing you use but thats alot to remember lol. Like stated already its a high chance they got your password from another site and tried it out on steam, but as long as they couldn't access your email you should be safe
 
a good app i use on my smartphone is 1password.

everyone should have it
 
Skripka said:
Until 1password's servers get hacked, just as LastPass did.
Click to expand...

Wrong, no passwords were ever leaked. It was only possible that the master password might be cracked, but you can always use 2FA.
 
xIronCrossx said:
Wrong, no passwords were ever leaked. It was only possible that the master password might be cracked, but you can always use 2FA.
Click to expand...

So they claim.

Given how every single goddamn company with data breaches in the last 3 years has blatantly lied about their severity to customers and everyone. I. Don't. Believe. It. For. A . Second.

And neither should you, BTW I have a bridge to sell you.
 
Wow... I dunno HOW they got my password. I don't believe anything else I own has the same password... I wonder how they did get that password? What is the best anti virus now-a-days? Bitdefender? Avira? I don't use kerpasky (spellin) so I will go with one of the free ones besides windows default one.

Kinda freaky actually been almost a decade since I have had any of my sensitive information touched! F**king phishers/hackers!

Thanks everyone for the useful tips!
 
Antivirus is good (pick your poison) but to be honest, the best method is just watch what you download/sites you visit etc.. (stay way from Porn, Torrents, Minecraft Mods etc.. etc..)

I've found your online habits put you more at risk and there are rarely an antivirus that will catch everything you expose your PC to if you just Willy Nilly the internet :)

I'm glad you caught it though, scary to think what it would have been like if you didn't have steam guard turned on.. even scarier if your steam and email password was the same (they could have gotten through the steam guard)
 
Do you need to run more than windows defender? So far I am still at an utter loss how they got my steam password... Really unnerving me since it is a password I didn't use alot...
 
Windows Defender only provides the most basic of protection and scanning performance and is not really enough on its own. Malwarebytes and Avast! are good tools to have in your arsenal (both have free versions available), along with commonsense browsing habits and protection. Only download from primary sources and trusted third parties, and if you have to browse the seedier areas of the internet use browser extensions like NoScript and µBlock Origin (uBlock/muBlock). To go one step further you can look for a HOSTS file that blocks gotcha sites, where links that change a single letter or something similar to run malicious script or get your personal details are blocked.

Have you ever clicked a link in Teamspeak or Steam Chat? Those are the favorite tactics of Steam hijackers. Always pay attention to the URL of the links you're clicking and do an internet search to do some research if you have any doubt.
 
I recently had a similar issue with Gmail. Single use, complex password. I never log in from any machine that isn't mine and somehow spam was sent to a few of my contacts supposedly coming from me at my gmail address but the headers showed it didn't actually come from the gmail servers. Google showed no activity from anywhere else so I can only assume an active session was compromised or something like that.

Still unsure how they were able to get a few of my contacts.
 
Sp33dFr33k said:
I recently had a similar issue with Gmail. Single use, complex password. I never log in from any machine that isn't mine and somehow spam was sent to a few of my contacts supposedly coming from me at my gmail address but the headers showed it didn't actually come from the gmail servers. Google showed no activity from anywhere else so I can only assume an active session was compromised or something like that.

Still unsure how they were able to get a few of my contacts.
Click to expand...

They breached one of your contacts, not you. That contact had your email address in their address book.
 
TheDarkTao said:
Do you need to run more than windows defender? So far I am still at an utter loss how they got my steam password... Really unnerving me since it is a password I didn't use alot...
Click to expand...

It could be 1 of two things.

Keylogged/Trojan - Unlikely as it may be, if you do a lot of suspicious downloading it's pretty easy to be infected with one that a typical anti-virus software won't pick up.

Password Database Stolen - Another site you signed up to using the same email and password was hacked and their password list is stolen. These password lists get combined and sold/uploaded on blackmarket sites for people to steal accounts from other services. They just run bots to input the username/pw on multiple sites until they get a hit. My Rockstar account got hit the other day and it was one of the few accounts I had that still ran a password I had used since 2009. Within that same timeframe major companies like Sony and Adobe have been hacked.

Consider that password burned.
 
This is going around. I had two of them last week, one after I had changed my password to a new completely unique one. No malware on either PC I have Steam on.

The only thing that possibly makes since is that the nVidia key redemption site for video card codes somehow got hacked (I've redeemed Batman and MGS codes in the last couple months) and they don't know it yet, as that is the only place outside of Steam I used my credentials. I don't even log into Steam from my browser.

Use SteamGuard and get the mobile authenticator through the Steam Android (and iOS I'm assuming) app. The weird part is I have had the authenticator since it came out in Steam beta, but I still got the emailed code request. I can't replicate it here. Steam asks me for the authenticator code.
 
TheSandman21 said:
This is going around. I had two of them last week, one after I had changed my password to a new completely unique one. No malware on either PC I have Steam on.

The only thing that possibly makes since is that the nVidia key redemption site for video card codes somehow got hacked (I've redeemed Batman and MGS codes in the last couple months) and they don't know it yet, as that is the only place outside of Steam I used my credentials. I don't even log into Steam from my browser.

Use SteamGuard and get the mobile authenticator through the Steam Android (and iOS I'm assuming) app. The weird part is I have had the authenticator since it came out in Steam beta, but I still got the emailed code request. I can't replicate it here. Steam asks me for the authenticator code.
Click to expand...

The Nvidia promo reedemer for steam logs in using steam authentication so no way of being hijacked through there.
 
evilsofa said:
They breached one of your contacts, not you. That contact had your email address in their address book.
Click to expand...

If they had they would only be emailing me, not emailing my contacts. The contacts "they" emailed would not have been in one of my contacts' address books. Would love to know how it's done to better avoid it ever happening again. Also odd that only a few contacts were used and only one email to each.
 
It happened to me several years ago, way before Steam Guard...

Someone from Germany had managed to login to my account and changed the password, email, and a bunch of the other contact details. Worse yet I didn't realize it for months because I was taking a break from gaming due to health issues.

Getting access to my account involved several emails to Valve technical support and providing proof that the account was indeed mine by giving them details of previous purchases I had made on the account.

Still have no idea how the hell they got or guessed my password but you better believe it's a hell of a lot stronger now and I take advantage of all of the additional layers of security I can. I also change my passwords routinely now whereas before I was pretty lax.
 
You must log in or register to reply here.
Back
Top