All Discussions > Steam Forums > Help and Tips > Topic Details
Chèvre 24 Jun @ 4:05pm
How do accounts get compromised without phishing?
I got hacked and I cant figure out how someone managed to login onto my account. I did the security routine and ran a full MB scan (which didnt seem to find much), its fine I just got my profiles changed and some guy tried to phish me, but am still worried...

Ive only been playing solo games and talking to no one for years now, always with the same setup, I never enter my password and have double auth anyway.

The only alternative I'm reading is that mail was compromised (which is mortifying btw), but I'm pretty sure my gmail is fine as I seen no sus login these past weeks.
Last edited by Chèvre; 24 Jun @ 4:11pm
< >
Showing 1-8 of 8 comments
Aluvard 24 Jun @ 4:13pm 
Malware.
#1
Haruspex 24 Jun @ 4:16pm 
They don't. It's always either phishing or malware. If it's not malware, you probably got phished at some point and didn't realize it. Sometimes you account can get compromised and the scammer will sit on it for months without doing anything, perhaps to wait for your account to become ripe with items or wallet funds before they take action.

Originally posted by Chèvre:
I'm pretty sure my gmail is fine as I seen no sus login these past weeks.
If they snag your session with RAT malware, there won't be any suspicious logins, since it's your own login they'll be using.

It's tough to say, but if you manage to figure out how it happened, you'll be less likely to fall for it a second time.

Wiki of common scam strategies.

Guide for securing your account and keeping it that way.
#2
Chèvre 24 Jun @ 4:38pm 
Thank you for your input. Could a malware allow modifications of the steam profile from the current session, by like controling the computer remotely ?

In the interaction with the hacker, after my profile got modified, he was actually trying to phish me by sending me to a fake login site, so I doubt he already had my credentials. Unless I was actually being attacked by like 2 parties at the same time.
Last edited by Chèvre; 24 Jun @ 4:39pm
#3
Haruspex 24 Jun @ 5:11pm 
Originally posted by Chèvre:
Could a malware allow modifications of the steam profile from the current session, by like controling the computer remotely ?
Yeah, a RAT (Remote Access Trojan) works just like that, if it is a RAT.

Originally posted by Chèvre:
In the interaction with the hacker, after my profile got modified, he was actually trying to phish me by sending me to a fake login site, so I doubt he already had my credentials. Unless I was actually being attacked by like 2 parties at the same time.
Sometimes they'll have partial control of your account, but they need you to do the rest to complete the scam, like for 2FA or trade confirmations. They'll use the partial access to modify the profile in an effort to scare you into thinking it's all legit. They want to scare you, because once they manage to get your emotions involved, all your common sense usually goes out the window. Also if you don't play ball, it's common for the scammer to try and punish you for it by deleting your games (easy enough to restore with support), changing your profile, deleting your friends list, or posting horrible crap under your name on the forums in an effort to get you banned.
#4
Chèvre 24 Jun @ 5:48pm 
Thanks again, and sorry for making you repeat yourself.
Yes they were definitely playing the stress card, and started uninstalling a bunch of stuff apparently (without being openly threatening). Then I guess right now nothing stops them from coming back anytime as MB found nothing but PUPs, which are just bloat as I understand.

I guess I should stick to offline play until I manage to find something that detects and eradicates the RAT.
Last edited by Chèvre; 24 Jun @ 5:49pm
#5
Cinemax 24 Jun @ 7:04pm 
People never tend to explain how an account gets hijacked, most likely cause they don't know, but I assume it's about the same as hijacking a youtube account. They steal a pre-authed session token, which is then able to bypass 2FA since it has already completed the 2FA. That or they simply maintain compromise and send malicious commands through the trojan'd PC.

If you think it's trojan'd just reimage the damn thing from install media. Very few malware samples can survive that. Be sure to build the install media on a clean computer though.
#6
ReBoot 24 Jun @ 10:01pm 
How do you know it wasn't phishing? Phishing, like any other form of deception, relies on the victim not knowing they're being lied to, meaning it's very much possible to get phished without knowing.
#7
JPMcMillen 25 Jun @ 1:20am 
Originally posted by Chèvre:
The only alternative I'm reading is that mail was compromised (which is mortifying btw), but I'm pretty sure my gmail is fine as I seen no sus login these past weeks.
That is a possibility, but requires the user not be paying close attention to both their Steam and Email account. If a someone is intercepting and deleting confirmation emails quick enough, the user might not realize something is going on. That's why it's important to have a good, extra unique, password for your Email and use 2FA on it if possible.

Of course, a little paranoia isn't a bad thing and Valve makes it easy to see if someone might have access to your account. You can check to see what Authorized Devices are logged into your account, and log everyone out if you see something suspicious. Also, make sure you don't have any API keys linked to your account as well.
#8
< >
Showing 1-8 of 8 comments
Per page: 1530 50

All Discussions > Steam Forums > Help and Tips > Topic Details
Date Posted: 24 Jun @ 4:05pm
Posts: 8
Start a New Discussion

Discussions Rules and Guidelines