Hacked Steam Account

TonyM19 · 3 Jan 2021 at 11:39

All sorted. Lesson learned.

Thanks for the support

Akagi · 3 Jan 2021 at 11:40

TonyM19 said:
All sorted. Lesson learned.

Thanks for the support

Steam support sorted it?

TonyM19 · 3 Jan 2021 at 14:23

Yes. Raised support request at 3pm, responded at 7am.

TheSwede · 3 Jan 2021 at 14:39

TonyM19 said:
All sorted. Lesson learned.

Thanks for the support

And you turned on the Steam Guard (2FA) now ?

TonyM19 · 3 Jan 2021 at 15:09

Too right!

Akagi · 3 Jan 2021 at 15:28

TonyM19 said:
Yes. Raised support request at 3pm, responded at 7am.

Nice

At least some large companies have good support.

Temujin · 4 Jan 2021 at 11:58

Glad to hear you got it back, support can be notoriously useless!

loftie · 4 Jan 2021 at 12:04

Just as a side note, I know two people who have had their steam accounts hacked while 2FA has been enabled (one mobile, one email), I was going to say recently but because 2020, it was probably within the last year.

Spacedeck · 4 Jan 2021 at 13:20

loftie said:
Just as a side note, I know two people who have had their steam accounts hacked while 2FA has been enabled (one mobile, one email), I was going to say recently but because 2020, it was probably within the last year.

Email I could understand if that was compromised and 2FA wasn't enabled on the email. But mobile? How would that be possible without access to the mobile phone?

loftie · 4 Jan 2021 at 15:16

Spacedeck said:
Email I could understand if that was compromised and 2FA wasn't enabled on the email. But mobile? How would that be possible without access to the mobile phone?

No idea, and the email account had 2FA on too (not sure what type though).

dan958 · 5 Jan 2021 at 09:22

Spacedeck said:
Email I could understand if that was compromised and 2FA wasn't enabled on the email. But mobile? How would that be possible without access to the mobile phone?

Most likely just standard phishing. Users thinking they are logging into Steam, but really it is a fake page. Fake page asks for the 2fa code, then the phisher has both your logins and the 2fa. (and the 'hacker' just has to quickly login).

Over on the Steam subreddit, it is crazy how many people report they fell for the following message they received over steam chat 'My friend accidentally reported your account, you need to add this moderator to make sure your account doesn't get banned', and the link to the profile is a fake steam page.

loftie · 5 Jan 2021 at 12:27

dan958 said:
Most likely just standard phishing. Users thinking they are logging into Steam, but really it is a fake page. Fake page asks for the 2fa code, then the phisher has both your logins and the 2fa. (and the 'hacker' just has to quickly login).

Over on the Steam subreddit, it is crazy how many people report they fell for the following message they received over steam chat 'My friend accidentally reported your account, you need to add this moderator to make sure your account doesn't get banned', and the link to the profile is a fake steam page.

The one with the email 2fa, maybe, the other one, highly highly unlikely but not impossible.

dan958 · 5 Jan 2021 at 12:58

loftie said:
The one with the email 2fa, maybe, the other one, highly highly unlikely but not impossible.

It would take some timing on the 'hackers' part, but not that unlikely when a targeted attack is done to someone who may not be very knowledgeable on security -especially with how often I see people falling for this.

Admiral Huddy · 5 Jan 2021 at 13:04

I had mine hacked a few years back.. They changed my password, email address everything so was outright theft.. My guess is they got through via my email account and reset it. It took me a while to prove that I owned the account and they wanted purchase order numbers etc. which I didn't have.. Got there in the end though.

I swapped from an email account to one that uses 2FA plus enabled 2FA in steam.

If you have a Steam account, keep the receipts for the games you buy, and enabled 2fa as already suggested.

loftie · 5 Jan 2021 at 14:00

dan958 said:
It would take some timing on the 'hackers' part, but not that unlikely when a targeted attack is done to someone who may not be very knowledgeable on security -especially with how often I see people falling for this.

Oh i know, which is why i said the email guy maybe I could see it happening as he's not amazingly clued up but is cautious, but the mobile 2fa guy not so much simply because he is more clued up. But again, it's not outside the realm of possibility and while they could both claim they didn't click/login/do anything suspicious if they didn't realise that it was then in their mind it will always not be something they did.

Admiral Huddy said:
I had mine hacked a few years back.. They changed my password, email address everything so was outright theft.. My guess is they got through via my email account and reset it. It took me a while to prove that I owned the account and they wanted purchase order numbers etc. which I didn't have.. Got there in the end though.

I swapped from an email account to one that uses 2FA plus enabled 2FA in steam.

If you have a Steam account, keep the receipts for the games you buy, and enabled 2fa as already suggested.

Yea the mobile 2fa inciddent had to jump through some pretty tough hoops IIRC, I seem to think there were some questions that there'd be no way of him remembering simply because it was so long ago. He still got his account back but took a while. Everytime I buy a game from steam I print to PDF and throw it in my docs folder, hopefully if it ever happens to me them being bombarded with a bazillion PDF receipts is enough