Steam Account Hacked

Discussion in 'Random Nonsense' started by booman, Nov 6, 2017.

  1. booman

    booman Grand High Exalted Mystic Emperor of Linux Gaming Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    8,339
    Likes Received:
    624
    Trophy Points:
    113
    Location:
    Linux, Virginia
    Home page:
    My Steam account finally got hacked last night.
    I woke up this morning and found that my Steam password was changed, email associated with Steam changed, phone number changed and security Guard enabled.

    My password was fairly short but had all the standard symbols, uppercase, lowercase, etc.

    I reached out to Valve Support... they have a form in place because this happens all the time. It asked for recent purchases, Credit Card last 4 digits, PayPal invoice and a place to enter notes.
    I was starting to wonder if the form was a phishing page, but I trust Valve for the most part.

    So we'll see if Valve can restore my account and lock it out for me to reset everything. I've had this account for over 10 years and never been hacked in the past... guess it was only a matter of time.

    Tip: Update your password to 14 characters with symbols, uppercase, lowercase and make it a phrase of some sort.
  2. Daniel~

    Daniel~ Chief BBS Administrator Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    11,352
    Likes Received:
    169
    Trophy Points:
    63
    Location:
    Greenwater WA
    Home page:
    bummer dude!

    I hope they get this sorted for you. Did your hacker on a spending spree?
  3. booman

    booman Grand High Exalted Mystic Emperor of Linux Gaming Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    8,339
    Likes Received:
    624
    Trophy Points:
    113
    Location:
    Linux, Virginia
    Home page:
    Nope, because I don't have a credit card or paypal on file.
    All they can do is download all of my games.
    They can steal my Keys too, but they are only associated with my Steam account.

    I bet its someone trying to gain a Steam account to create MMO characters and sell them. Something stupid like that.

    The account is now locked and I'm waiting on my Valve ticket to resolve or restore my account email/phone/etc
  4. cloasters

    cloasters Moderator

    Joined:
    Jul 3, 2013
    Messages:
    8,383
    Likes Received:
    82
    Trophy Points:
    48
    Ten years of smooth sailing can't be beat, glad that this is a "small" hack. One of my CC's goes bad so often that I've stopped using it--almost. Sometimes an entity refuses my other card. Dunno why, it's almost as good as gold.
  5. Gizmo

    Gizmo Chief Site Administrator Staff Member

    Joined:
    Dec 6, 2012
    Messages:
    2,282
    Likes Received:
    172
    Trophy Points:
    63
    Location:
    Webb City, Missouri
    Home page:
    I've been working with computers since around about '81 I think, I've been online in one form or another since '84? (BBSes and FidoNet, originally). I've had an e-mail account since about '86 or so, IIRC.

    SO FAR, I've not had anyone steal my account credentials or CC info. I've only had one computer virus, and that was back in the early '90s when such things were just getting started.

    Guess I just don't have anything anyone wants. ;)
    booman likes this.
  6. Daniel~

    Daniel~ Chief BBS Administrator Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    11,352
    Likes Received:
    169
    Trophy Points:
    63
    Location:
    Greenwater WA
    Home page:
    Same, Same. Never hacked, never infected... I've had my anti-virus screw me up half dozen times.My biggest problem with things messing with a good install was...
    Well... MS updates. Especially when my Win. version was aging.

    There is a fair amount to be said for being to poor to be noticed by commercial hackers.
    Bill Gates now there's a fellow worth the hacking! ":O}
  7. booman

    booman Grand High Exalted Mystic Emperor of Linux Gaming Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    8,339
    Likes Received:
    624
    Trophy Points:
    113
    Location:
    Linux, Virginia
    Home page:
    I've been infected once back when I was new to computers in 2003. I was getting pop-up ads and thought a free pop-up blocker would fix it... Nope! Infected!
    Now I help people with their computers for a living...

    I can only guess a few reasons why someone would want my Steam account:
    • Access to my games and/or cloud saves
    • Purchase games as a gift for themselves via CC or PayPal or Steam Credit
    • Chat information/posts with my personal information or passwords
    Sad for them because I do not keep Credit Card or PayPal information in my Steam account. I purchase once and its not saved. Not even passwords are saved in my browser. Also, I mostly use Steam offline so there isn't a whole lot of Steam saves.

    Not to mention once I locked the account they can only play my games offline. So if anything, they got some free games until they reboot their computer... which will inevitably happen.

    I think they got my login via reddit. I shouldn't have used my email as my screen name/login. So I deleted my account and created a gamersonlinux reddit account.
  8. Daniel~

    Daniel~ Chief BBS Administrator Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    11,352
    Likes Received:
    169
    Trophy Points:
    63
    Location:
    Greenwater WA
    Home page:
    "There is no living thing without some concept of self defense."
    I don't know who said that?
  9. cloasters

    cloasters Moderator

    Joined:
    Jul 3, 2013
    Messages:
    8,383
    Likes Received:
    82
    Trophy Points:
    48
    Wish I was as computering savvy, but you all have about a decade on me. And I forget important stuff way too easily.

    I have 2 CC's, each from very big banks. One has gone bad once in about 11 years, the other thrice over the same period. I have two watch dogs, one is quite reasonable in price, the other is a bit less than $20 per month. The cheaper one seems to work better. Naturally. I store pass words no where, but I do write them down in the interest of smooth commerce (perhaps a burglar could grab them--very doubtful--I live in a po' people's zone.) Very little worth stealing here. And I'm at home almost always.
  10. booman

    booman Grand High Exalted Mystic Emperor of Linux Gaming Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    8,339
    Likes Received:
    624
    Trophy Points:
    113
    Location:
    Linux, Virginia
    Home page:
    I reuse a lot of my passwords, but in different configurations.
    I always add symbols, special characters and caps.

    I'm sure Steam accounts get hacked all the time like Facebook accounts.

    So I use my password system and never document it. In the case of my death, nobody would be able to get into my accounts. I guess I could use an encrypted file to store my passwords? But even that can be cracked I'm sure...

    Maybe write down your passwords in a code format.
  11. Gizmo

    Gizmo Chief Site Administrator Staff Member

    Joined:
    Dec 6, 2012
    Messages:
    2,282
    Likes Received:
    172
    Trophy Points:
    63
    Location:
    Webb City, Missouri
    Home page:
    My passwords are always based on electronic component part numbers. I then apply a mental rule regarding how I 'stir' them up. As a consequence, pretty much the ONLY way you are guessing my password is via a brute-force attack, and since they are at least 16 characters, well, you do the math......:p3:)

    This works great, because my passwords always mean something to me but are complete gibberish to anyone else and use the full gamut of the character set (upper and lower case, symbols and numbers).

    My biggest problem is that my computer requires no less than 5 different passwords from poweron to desktop. It takes me 5 minutes just to login!!!

    I have a password file that I keep encrypted using a implementation of the TwoFish encryption algorithm that I wrote (as a side project for something else I was working on at the time). It's encrypted with a passphrase and stored on a USB drive that uses a thumbprint lock.

    My hard drives are configured to self-wipe after 6 consecutive unsuccessful login attempts as well. Makes login with a hangover rather interesting sometimes.
    booman likes this.
  12. danrok

    danrok Administrator Staff Member

    Joined:
    Dec 7, 2012
    Messages:
    1,467
    Likes Received:
    23
    Trophy Points:
    38
    Location:
    Channel Islands
    Always change your email password, as soon as you realize another account has been hacked. There's always a chance they got access to your email first, and used that to get access to other accounts.
  13. cloasters

    cloasters Moderator

    Joined:
    Jul 3, 2013
    Messages:
    8,383
    Likes Received:
    82
    Trophy Points:
    48
    The difference in password capability between some of our senior and knowledgeable Members and me is amazing. Amazingly good for you guys and "Duuuh" for me. At least I only do damage to myself ttbmk.

    Twitch intended for a mature audience? Shoot, I act like I'm three or eleven most of the time. Beyond the Terrible Two's anyway.
  14. booman

    booman Grand High Exalted Mystic Emperor of Linux Gaming Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    8,339
    Likes Received:
    624
    Trophy Points:
    113
    Location:
    Linux, Virginia
    Home page:
    Exactly, I updated my email password and all of my other clients: origin, uplay, etc.
    Not that I keep any passwords in my emails, but because I used the same password for those clients as Steam.

    I think he was able to change my Steam email & password because I didn't have a phone number associated with my account. You know... Steam Guard sends a verification to my phone. So when he force hacked my password, he added his own phone number and the verification went to him. This way he could change my email in Steam.
    So I don't think he hacked my gmail because my password is easily over 14 characters with a jumble of characters...etc.
    I still changed it anyways.

    My problem with Steam is that I have 7+ computers with Steam installed and each one has PlayOnLinux with individual Virtual Drives with Steam installed. On top of that, I test Steam games in PlayOnLinux.
    Imagine how many times I would have to enter a password on a weekly basis for dual-authentication.

    No Way! :confused:
  15. cloasters

    cloasters Moderator

    Joined:
    Jul 3, 2013
    Messages:
    8,383
    Likes Received:
    82
    Trophy Points:
    48
    7 plus machines with slightly different Steam installations? Ai yai ai!

Share This Page