
Steam Hijacker, this one's bad!!

So, last night...

around 12AM Pacific, i am thinking...

"sheesh, sleep is NOT happening, i'll play some Black Desert Online"

 

noticing i have a new message on steam, i see it's from an old friend, so i check it out...

my friend sent me a link to a site saying: "New accounts get 1 free gift game, click here: Gift-Key.com"

 

i visit the site, spend a few minutes checking it out, and decide it's worth a shot, it looks like a Steam themed G2A of sorts...

With the added convenience of a "Login via Steam" button, i decide to create a new account.

 

Upon successful login, i am logged out of my PC client, phone app, and after looking at my email i discover two VERY unsettling things...

i didn't even open them as their subject said it all...

Steam Mobile Authenticator successfully removed!

Associated phone number successfully removed!

 

HOW?!

i had no idea you didn't need the phone OR the authenticator present to remove them... 

 

this was all accomplished within a minute @12:35

[Image: Capture.JPG]

As seen with the 12:37 entry, i logged into my Steam Server account on my PC trying to see myself online...

I wasn't online, but i must have been Invisible as i still was sending out links to the site by the hijacker.

[Image: unknown.png]

as seen here my account is sharing the link, in the same fashion i first received it, only now, the URL is altered... still have not clicked it.

 

I discovered the way to lock my account after google searching for it, it's not very clear about how on its own, almost as if they're trying to make sure you didn't just forget your password.  However, i didn't take a screenshot of the email, but it was changed to one with two decimal points in the name before @gmail.com, and started with an i...

very much different to email, without points, and starting with a K instead....

Luckily, my email is still secured.  And this all happened through Steam's secure login system... well, insecure login.

 

It was in this email that i learned it was another russian account hacker, the first time for my Steam account.  Origin has been hacked from me 3 times so far.

[Image: LocationHIJACKER.png]

After locking and finally submitting the recovery request, i wake up this morning and discover, i've been recovered!!

[Image: Confirmation001.JPG]

I had a few concerns...

[Image: Confirmation002a.png]

First concern i had, i have SERIOUS questions on how the Steam Guard was removed, and HOW my phone was removed, WITHOUT confirmations from either.

Second concern i had, is this going to be investigated any?

 

Oh, and notice how there's now a fun yellow notification on here?

[Image: Notification.JPG]

[Image: ban1.JPG]

[Image: ban2.JPG]

Yup, the hijacker launched PUBG from my account and used an illegal program and got my account banned.

Now, i'm not even the least bit concerned over being banned from PUBG, it is a game of little entertainment value to me, and holds significant negative emotional memories about a certain someone. 

Besides, i've already tried to return it, months ago, but it was past the time frame, and i've got just about four hours play time total on it.

 

However, i dislike extremely my account on Steam now saying i have a Ban on record.  And if i want to reverse it to get with the game developer support...

OK, i have all this information and records to justify my case and easily get it removed.... 

[Image: hax.JPG]

Welp... looks like I'm being punished for being a victim.

This is absurd, so, regardless i submit a ticket, detailing the entire ordeal, and supplying screenshots as i have now.

I'm REALLY tired, and haven't slept much, and i've got to go to work in a few hours for the late shift delivering pizza.

 

I think this concludes my story.

 

I'm still amazed that the phone and guard were removed so easily.

JUST using this as a warning for other players, i know you shouldn't click rando links, but it was from a friend, and the site looked legit, and steam didn't have any protest about going to the site like it usually does, and it had a steam login option... 

I was NOT expecting what happened to happen.   Much less be held accountable for it, this has never happened before, and it happened with such ease that i'm still in awe at the lack of security with steam.

Link to comment

new password!

I live in misery USA. my timezone is central daylight time which is either UTC -5 or -4 because the government hates everyone.

into trains? here's the model railroad thread!

Link to comment

 

Specs: CPU: AMD Ryzen R7 3700X @4.4Ghz, GPU: Gigabyte RX 5700 XT, RAM: 32 GB (2x 8GB Trident Z Royal + 2x 8GB TForce Vulkan Z) @3000Mhz, Motherboard: ASRock B550m Steel Legend, Storage: 1x WD Black 1Tb NVMe (boot) + 1x Samsung 860 QVO 1Tb SSD (storage), Case: Thermaltake Core V21, Cooler: Noctua NH-D15

Link to comment

1 minute ago, Adorable Cat said:

 

well memed

Current main PC:

 

CPU: R7 5800x (PBO undervolted)

GPU: 7900XT

RAM: 32gb Kingston Fury @ 3600mhz

MOBO: Asus ROG B550 F Gaming Wifi

CASE: Xtia Xproto ATX

 

Server PC:

 

CPU: Xeon X5690

GPU: R9 Fury X

RAM: Assorted 4gb sticks (24gb total)

MOBO: Asus Sabretooth X58

CASE: Alienware Area 51 ALX

 

Link to comment

6 minutes ago, Norwegiantweaker said:

lol. you honestly didn't expect that to happen when you visited a shady webpage that promises too much to be true?

thanks for sharing the fact you didn't read.

Link to comment

11 minutes ago, Kamikazi2142 said:

my friend sent me a link to a site saying: "New accounts get 1 free gift game, click here: Gift-Key.com"

Your first mistake.

 

12 minutes ago, Kamikazi2142 said:

i visit the site, spend a few minutes checking it out, and decide it's worth a shot

Your second mistake.

12 minutes ago, Kamikazi2142 said:

With the added convenience of a "Login via Steam" button, i decide to create a new account.

Your third mistake.

 

Just by looking at that message it should've immediately been obvious that your friend's account was compromised, everyone that was on your friends list probably also got a message from you that looks just like that.

Link to comment

1 minute ago, Kamikazi2142 said:

thanks for sharing the fact you didn't read.

not gonna read ur sob story. you straight up deserved that one lmao

 
Link to comment

Just now, YoFavRussian said:

Your first mistake.

 

Your second mistake.

Your third mistake.

 

Just by looking at that message it should've immediately been obvious that your friend's account was compromised, everyone that was on your friends list probably also got a message from you that looks just like that.

you must not have ANY accounts with Facebook, twitter, or any other "legit" looking sites eh?

Link to comment

1 minute ago, Kamikazi2142 said:

you must not have ANY accounts with Facebook, twitter, or any other "legit" looking sites eh?

You got hit by a very simple phishing attack, should be common sense not to respond to these now.

Your friend probably doesn't send such a "perfected" message.

 

Link to comment

2 minutes ago, Kamikazi2142 said:

jesus, here i thought LTT was much nicer than the thickest slime of NexusForums...

 

I'll be deleting my account after work.

im sorry that wasn't my intent. but what were you expecting? everyone knows by now that msg like that is a scam even if it's from ur mom... not sure what you were expecting in terms of replies considering pretty much everyone here knows a thing or 5 about security. sorry it happened to you i guess?

 
Link to comment

7 minutes ago, Kamikazi2142 said:

jesus, here i thought LTT was much nicer than the thickest slime of NexusForums...

 

I'll be deleting my account after work.

Here, I'll help you, free games, items, and money don't exist from external websites. If a website asks for your steam credentials as a login it's probably captured them and is storing them. Don't trust every message you get, a person's account can be quickly and easily compromised as was just demonstrated by you. Tell your friends that they best not click links that you send them, I can guarantee they probably got that same message.

Link to comment

20 minutes ago, YoFavRussian said:

Your first mistake.

 

Your second mistake.

Your third mistake.

 

Just by looking at that message it should've immediately been obvious that your friend's account was compromised, everyone that was on your friends list probably also got a message from you that looks just like that.

Possibly a fake login screen? Two boxes, one asks "account name" other asks "password"... both go straight to hacker's inbox. (PS, inline smiley search is nice!)

Link to comment

3 minutes ago, TechyBen said:

Possibly a fake login screen? Two boxes, one asks "account name" other asks "password"... both go straight to hacker's inbox. (PS, inline smiley search is nice!)

 

11 minutes ago, YoFavRussian said:

If a website asks for your steam credentials as a login it's probably captured them and storing them.

Yes

Link to comment

TBF I did use to use the free/gift/comp steam game trade website. But IIRC Steam has changed the trading of games anyhow now.

Link to comment

Here you go, the link for the login doesn't match a steam URL, they captured your credentials and used them to login to your account.

[Image: Capture.PNG]

Link to comment
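
The check described in the post above (the login link did not match a Steam URL), as an added example that is not part of the thread: it validates the address-bar URL of a page asking for Steam credentials against an allowlist of hosts. The allowlist entries and every sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts on which Steam itself serves its sign-in form.
# This list is not taken from the thread; adjust it to what Valve documents.
STEAM_LOGIN_HOSTS = {
    "steamcommunity.com",
    "store.steampowered.com",
    "help.steampowered.com",
}

def check_login_url(url):
    """Return (ok, reason) for the URL of a page that is asking for a
    Steam account name and password."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is lowercased
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    # "https://steamcommunity.com@other.example/" connects to other.example.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    # Non-ASCII or punycode labels can render as lookalikes of a real name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized host, possible lookalike"
    # Exact match only: "steamcommunity.com.x.example" is a different site.
    if host not in STEAM_LOGIN_HOSTS:
        return False, f"host {host!r} is not a Steam sign-in host"
    return True, "host matches a Steam sign-in host"

# Constructed sample URLs (reserved .example domains, not real sites).
SAMPLES = [
    "https://steamcommunity.com/openid/login",
    "https://steamcommunity.com.gift-login.example/openid/login",
    "https://steamcommunity.com@login.example/openid/login",
    "http://steamcommunity.com/login",
    "https://steamcommun\u0131ty.com/login",  # dotless i instead of "i"
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_login_url(sample)
        print("OK  " if ok else "STOP", sample, "->", reason)
```
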

Sorry to put this so bluntly... but anyone who uses and or believes that signing into an account via a 3rd party site is a good idea is an idiot of epic proportions...I have zero sympathy for stupidity like that. You fucked yourself, no one else to blame but the idiot in the chair.

 

Now take it as a lesson... learn from it and never ever, ever give any other website access to anything from another site... Do not believe the 'convenience' bullshit. it's all a lie to harvest data, either for theft or to sell your private info to the highest bidder. Use a decent browser (i.e., not Chrome or Edge) with privacy safeguards... that includes ad, script, cookie, java, and tracker plugins.

 

If you don't take proper precautions... you've only yourself to blame.

System 1: Gigabyte Aorus B450 Pro, Ryzen 5 2600X, 32GB Corsair Vengeance 3200mhz, Sapphire 5700XT, 250GB NVME WD Black, 2x Crucial MX5001TB, 2x Seagate 3TB, H115i AIO, Sharkoon BW9000 case with corsair ML fans, EVGA G2 Gold 650W Modular PSU, liteon bluray/dvd/rw.. NO RGB aside from MB and AIO pump. Triple 27" Monitor setup (1x 144hz, 2x 75hz, all freesync/freesync 2)

System 2: Asus M5 MB, AMD FX8350, 16GB DDR3, Sapphire RX580, 30TB of storage, 250GB SSD, Silverstone HTPC chassis, Corsair 550W Modular PSU, Noctua cooler, liteon bluray/dvd/rw, 4K HDR display (Samsung TV)

System 3 & 4: nVidia shield TV (2017 & 2019) Pro with extra 128GB samsung flash drives.

Link to comment

delete

 

Link to comment

8 minutes ago, Mr. horse said:

That message was extremely fishy to begin with. You should have never clicked on it.

Second I would file a charge back for the game you were banned on if they don't unban you.

Steam will remove it from your account after the charge back/PayPal dispute is made. But in my experience they don't do anything else

A few years ago... before steam actually adopted the policy of offering refunds for faulty products (providing less than 2hrs of game time) I tried to get a refund for a bundle of games that simply would not run (older Star Wars flight sim games that I loved when I was younger)... They ignored me completely. for weeks refused to respond to the support ticket. I had the original games on CD still but couldn't get them working in windows 7.

 

So I filed a paypal dispute... suddenly they respond... and threaten to ban my account if I don't cancel the dispute and that they refuse to refund me until I cancel the dispute.

 

Now if you cancel a dispute.. you can't open it again.  So I took screen grabs of their threats, copied emails and so forth and spoke with paypal about it... They agreed that they would re-open the dispute if steam failed to refund me.

 

I told steam that's what I had done and said they had 24hrs to resolve it.

 

I got my refund... and I managed to get my original games working thanks to the people working on the X-Wing Alliance Update project... that I hadn't realised was still a thing (I used to use it back in the early 2000's). Thanks to them, I not only got XWA working, but XW VS TF and Expansion as well as the original XW and TF games (with expansions).

 

Not long after that... Steam changed their policy... Ubisoft on the other hand point blank refuse to refund anything if it's been started... regardless of whether the game works or not. You HAVE to resort to a chargeback on your card or a paypal dispute.

 

These days, if I can get it on GOG I will... unless it's ridiculously cheaper elsewhere, and I have boycotted EA for more than a decade because... well... fuck them and I won't buy anything from Epic anymore due to their shitty practices of late and their ties to China.


Link to comment

3 hours ago, Kamikazi2142 said:

Much less be held accountable for it, this has never happened before, and it happened with such ease that i'm still in awe at the lack of security with steam.

Just to recap and I'm going to blame you because it is you. In the IT security field people ARE the weakest link, it's not uncommon that people fall into these traps. Steam has very few security flaws when compared to other platforms, once again you initiated this attack, not steam. It happened with such ease because you essentially gave the criminal the keys to your house and said "Steal whatever you would like".

 

So, question every link your friends and family send you, as this one wasn't from your friend, it was from a system designed to initiate a phishing attack.

Do not transfer credentials because it will make a sign in quicker, every time you do that the other company has to store your credentials. And they either do this with it or sell it, some do keep them safe though.

 

Not being mean, but security is a very closed system until you introduce a person, then it gets cracked wide open. You're not the first person, but not the last.

Link to comment

4 hours ago, Kamikazi2142 said:

 

Welp... looks like I'm being punished for being a victim.

 

More accurately, you're being punished for doing something stupid, which should happen more often.

3 hours ago, Kamikazi2142 said:

thanks for sharing the fact you didn't read.

You LITERALLY went to a website you knew nothing about that promises free keys and entered your information!

Link to comment