rhench
Global Moderator
Posts: 735
|
Post by rhench on Jul 19, 2009 19:30:58 GMT -5
I was playing Fallout, not really paying much attention to anything else, when I suddenly discovered that I had been disconnected from the friends server. Then, after alt-tabbing to see what was going on, I found that my password to my Steam account had been changed. Sure enough, my gmail had two messages notifying me that 1. My pw had changed and 2. My email account that received Steam information had changed.
So now my account is totally disabled, as someone has apparently hacked it, which means that I can't get online to play TF2 or anything else right now. Fuck. I'll let people know if there's anything in particular to look out for when this gets resolved.
|
|
|
Post by FadedOasis on Jul 19, 2009 20:03:16 GMT -5
While this thread is here, let me put out a few notices:
Important: The most common tactic of stealing your password seems to be someone changing their name to "::" and then sending what looks like an official Steam message along the lines of:
DO NOT EVER CLICK ON THAT LINK. Steam will not notify you about *anything* by chat message.
Generic: Don't ever click on links to friends "forums," "pictures," or whatever. Don't ever provide account information to anyone.
|
|
rhench
Global Moderator
Posts: 735
|
Post by rhench on Jul 19, 2009 21:24:30 GMT -5
For the record, I didn't do any of those things, and somehow my shit still got changed. I have no idea what it could have been, honestly. I haven't even visited any new porn sites lately. I am frustrated.
|
|
rhench
Global Moderator
Posts: 735
|
Post by rhench on Jul 19, 2009 23:02:56 GMT -5
FUCK! I know what happened now. I got a message from DocMo that said, "Vote for Me?" and clicked on it without thinking. That's probably what happened. Don't click on any links from me in the near future. I don't send links anyway.
|
|
Whatsit
Global Moderator
Posts: 260
|
Post by Whatsit on Jul 20, 2009 10:56:36 GMT -5
My condolences, Rhench. Hopefully Valve can get things sorted out for you. So I'm not totally sure of the mechanisms involved here, but can you lose your account details from just clicking a link? As far as I know, there's only really three ways this can happen: - Getting some random trojan or virus if there's a browser vulnerability or whatever. I would hope that Rhench, and everyone else for that matter, has antivirus software installed.
- Some social engineering trick to coerce passwords from people, like what Faded suggested. I doubt Rhench would fall for something like that.
- Steam itself has a bunch of security holes in it, which is the most concerning because they've been dealing with both credit card transactions and DRM/content access for the past six years. I'd like to think they've got a handle on it by now.
Did I miss something?
|
|
|
Post by FadedOasis on Jul 20, 2009 11:03:37 GMT -5
All the credit card transactions go through secure servers. I think even the Steam store main page uses https. However, the login process does not, and Friends does not. In fact, Friends is constantly checking to see if you're about to send your password to someone. If you've ever actually tried to give your password to someone you trust, Steam pops up a confirmation window, asking if you really want to send your password.
The security hole could either be there, or it could be simple holes in Internet Explorer, the browser Steam uses for Store, Community, and Web.
|
|
rhench
Global Moderator
Posts: 735
|
Post by rhench on Jul 20, 2009 17:31:39 GMT -5
You know, I might have entered my password after all. It was sort of a hazy moment as I was playing a game, so I was off my guard. It used a very similar login screen to the real one, and I wasn't alert enough to tell the difference. I did think it was weird that I needed to log in to Steam while I was already logged in, though. Fuck. Every time people talk, I realize that it was more and more my fault.
|
|
Whatsit
Global Moderator
Posts: 260
|
Post by Whatsit on Jul 20, 2009 17:42:21 GMT -5
Well actually now that I think about it, steam will occasionally just require me to re-log in, usually when I'm cruising around the store or community page. I wouldn't think it too unusual for it to come up. Must remember to watch out for it in the future.
|
|
|
Post by carbad on Jul 20, 2009 18:24:14 GMT -5
wwwlol.steampowered.russiandomainnames.qz
Edit: Fixed your link carbon, in case someone is dense enough to click on it.
|
|
rhench
Global Moderator
Posts: 735
|
Post by rhench on Jul 20, 2009 23:23:44 GMT -5
I'm fixed now. Steam deserves kudos for being really on top of things. I got my first notification within about 26 hours of the complaint (which was at 6PM Sunday), and had my account back by 10:30 PM (all central time). I'm pleased.
|
|
|
Post by blasty on Jul 21, 2009 2:31:38 GMT -5
well i'm officially jealous rhench. When i first bought fallout 3 via steam, my account and credit card were hacked and i was forced t odisable my credit card because apparently someone went on an ebay shopping spray when they got my credit card info. It took me a whole month before steam finally got my account back. I even recieved emails from their security department head who kept in touch with me throughout the whole thing. apparently everytime they got the account back, the same ip managed to get the pw and email again and change it. Makes me wonder if it was an inside job. Overall, it makes me nervous that someone can continue to defy the people at valve for over a month. long post is long.
|
|