
Thread: Steam password stolen - any other example experiences?

  1. #1
    Administrator
    Registered: Sep 2001
    Location: above the clouds

    Steam password stolen - any other example experiences?

    I got an email with my main Steam password in it from someone or some automated thing, basic ransom thing threatening to mail all Facebook contacts my sex video (there isn't one, honest).

    I've taken the obvious steps of malware scans, but is it possible to have a compromised Steam client? Should I delete and reinstall Steam?

    I'm surprised it's taken so long as I've had the same password since getting HL2 (yes I changed it!)

    Recommendations?

  2. #2
    Member
    Registered: May 2004
    More likely it's related to password recovery or might be you used the same password with a less reliable service. Attacks like these are almost always going for the low-hanging fruit / social engineering and don't bother with more complex stuff.

    Couldn't hurt, though.

  3. #3
    SShock2.com
    Moderator

    Registered: Mar 2001
    Location: 100 Rads Bar
    I just got an e-mail like that one as well. Obviously a scam - it was spoofed so that it looked like it had been sent from my own e-mail address, but I tracked it down to some guy in Napoli, Italy. He claimed that he knew the password for my e-mail, and also had access to all my messengers and social pages - but the password he listed wasn't the right one. He even claimed to have images taken from my webcam, and I don't have one.

    What I think happened here was that some scammer bought an (old) list of userids (and associated e-mail)/passwords that some hacker got from a compromised website. Then he just mass e-mailed everyone in that list hoping to convince them that he was a really nasty hacker, and demanding bitcoins. He probably even tried accessing some of those e-mail accounts using the passwords retrieved from whichever website was compromised, but at least in my case that didn't work, as I use a different password.

    I checked that e-mail address on https://haveibeenpwned.com/ and found out that he probably got that information from Last.fm, which suffered a data breach back in 2012, and where I used that very simple password.

    I doubt that your Steam client is compromised. You should just change your password.

  4. #4
    Member
    Registered: Mar 2003
    Location: Still hoarding rope arrows
    D'arcy is most likely correct. Change your Steam password to something good (and different!). May I also recommend changing anything that uses that old password to a new, different password - preferably a different password for each application.

    My experience: If the scammer could take over your Steam account**, you probably would be locked out because they'd likely change the password.

    Hubbs had his Steam account stolen this summer, and it took me a few days to get it back. Annoying days. We also had to change our PayPal and email account passwords, too... because they were linked and the jerk who stole the Steam account took over his email, and attempted (NOT successfully) to get into the PayPal account. Yeah. Overall a bunch of possibly preventable annoyance.

    Additional information on that yucky little scam: https://krebsonsecurity.com/2018/07/...ked-passwords/

    Edit: They may not know they could take it over. So change it

  5. #5
    Administrator
    Registered: Sep 2001
    Location: above the clouds
    Thanks for the additional info - in fact I did get a real password sent to me, but my son actually pointed out that it didn't say what it was for, so all it proved was they picked it up from somewhere.

    It was a coincidence that I still had it as my Steam password - I used to use it for everything and had forgotten - probably the Last.fm password was that at one point as well, and email etc. It's a bad habit that I keep using the same passwords, so I'm going to try and use strong generated passwords from the password keeper I use. Two factor authentication is a good idea as well...

    From the malware scans I did, it seems unlikely I had the password grabbed recently. I had false positives and some "potentially unwanted programs".

    Also Moghedian that does sound like a load of hassle. The worst I've had in the past was being lax about antivirus software and ending up with weird random charges to credit cards and the hassle of clearing that up.

    I did check if my email had been flagged as pwned and there were 11 breached sites, but I couldn't get it to tell me what they were.

  6. #6
    Administrator
    Registered: Oct 2000
    Location: Athens of the North
    If you scroll down the page to where it says "Breaches you were pwned in" it will show you the 11 potential breaches for your email.

  7. #7
    Member
    Registered: Apr 2002
    Location: Third grave from left.
    Interesting. We had a warning in main local media outlets about this scam making its rounds a while back, with the recommendation to ignore the claim and just make sure your stuff is secure. By the description it sounds like the exact same thing is being tried on a much larger audience than I thought -- I got the impression it was a local thing. Apparently not.
