»X« Posted August 16, 2009 Share Posted August 16, 2009 It reminds me of the xbox RROD, we talk about it, but never think it would happen to you. Today I was just browsing the net when steam popped up a box saying it lost connection and my credentials needed to be re-entered. So I did, but the password was wrong. I didnt think much of it since I usually get my passwords confused but before I could try again, I got an email from steam saying: This email message confirms that your Steam account contact email address has been successfully changed. We are sending this notice to ensure the privacy and security of your Steam account. If you authorized this change, no further action is necessary. If you did not authorize this change, or if you need additional help with your account, please follow this link to the Steam Support site and submit a request for assistance: With alarm bells ringing in my head I knew I was ****ed. I have created a ticket with them and see how it goes but Im posting this because their account security is ass. In World of warcraft, if you want to change your email address it sends an email to that address asking for CONFIRMATION, it doesnt just change it. Whats worse is the email doesnt even say what it was changed to. Of course, I cant retrieve my account information because it sends it to the "new" email address which some **** has now got. I don't know what damage is being done to my account at the moment nor how long it will take for them to respond. Link to comment Share on other sites More sharing options...
Raa Posted August 16, 2009 Share Posted August 16, 2009 They should be able to fix it for you, they'll check the IP's and reset it. Use a stronger password and a less obvious secret question/answer next time champ! Good luck, and I hope its resolved quickly! Link to comment Share on other sites More sharing options...
+KibosJ Subscriber² Posted August 16, 2009 Subscriber² Share Posted August 16, 2009 They should be able to fix it for you, they'll check the IP's and reset it.Use a stronger password and a less obvious secret question/answer next time champ! Good luck, and I hope its resolved quickly! I don't think that always helps. If anyone can guess my password I'd be VERY surprised. I've had my account hacked before too. I managed to change the password to something different before they did anything and I haven't had any problems since but I was very, very surprised. Link to comment Share on other sites More sharing options...
Richard Hammond Posted August 16, 2009 Share Posted August 16, 2009 They are usually pretty good with this, i had my account hacked before all i had to provide was proof that i owned the account so they ask for example what card did i use to pay or the transaction id from my paypal account for a game i bought. I got my account back fine. Link to comment Share on other sites More sharing options...
DDStriker Posted August 16, 2009 Share Posted August 16, 2009 unlucky hopefully you recover it They should be able to fix it for you, they'll check the IP's and reset it.Use a stronger password and a less obvious secret question/answer next time champ! Good luck, and I hope its resolved quickly! its possible he had some form of keylogger installed or visited a bad website Link to comment Share on other sites More sharing options...
ramsy66 Posted August 16, 2009 Share Posted August 16, 2009 Happened to me ages ago. Nothing happened, I just lost all my games and that was that. I think I had Half-Life 2 and Counter Strike Source on there so no big loss but pretty infuriating. Link to comment Share on other sites More sharing options...
Raa Posted August 16, 2009 Share Posted August 16, 2009 its possible he had some form of keylogger installed or visited a bad website Agreed, it might have just been that! I've never had any of my accounts hacked. *touches wood* lol Link to comment Share on other sites More sharing options...
»X« Posted August 16, 2009 Author Share Posted August 16, 2009 Maybe its because I'm feeling angry at the moment :p but I can't help but feel for a company who takes money for games and stores all your games, that there should be better security in place. something simple like only changing a contact email address if I can validate it from that email, like WoW does. Just seems too easy to change details without many barriers to overcome. I think I also know how they gained access. It wasnt an easy password or secret question, it was a programme I downloaded. My own stupidity has caught up with me. Heres hoping its all fixed. One more thing, since I can't gain access to my account, can anyone tell me just how much information can been seen from a steam account? As in addresses, card details, etc. Im worried what they can do with my account. Can games be removed? Link to comment Share on other sites More sharing options...
DDStriker Posted August 16, 2009 Share Posted August 16, 2009 Not sure can you buy games if you had a credit card attached to it? or do you need to enter it in each time? I can't really see much on the steam app that would be dangerous to leave but i'm not sure about their homepage Link to comment Share on other sites More sharing options...
Pupik Posted August 16, 2009 Share Posted August 16, 2009 Was it actually Steam popped with that message, or you just entered your account details in some random window that you saw in a website? Steam only asks for the account password only in the login window. I guessit was just another of them "Download Free Antivirus" ads, that were just a virus in itself. Would tell you had entered incorrect password, no matter what the password was (correct or not). Link to comment Share on other sites More sharing options...
Colin-uk Veteran Posted August 16, 2009 Veteran Share Posted August 16, 2009 Happened to me once, not sure how it happened, i contacted support though and then reset my account back so i had access to it :) I had to send them pictures of my HL2 box and stuff lol. There i was thinking a 14 char alphanumeric password would have been strong enough, silly me :p Link to comment Share on other sites More sharing options...
Hell-In-A-Handbasket Posted August 16, 2009 Share Posted August 16, 2009 That's what got you. It was not steam that got you, was a fake java or flash in a site. I've seen alot of these on my iPod Touch, but with windows update instead of steam. No matter how strong you put your pw to it won't matter cause you gave it to them basically Today I was just browsing the net Link to comment Share on other sites More sharing options...
xendrome Posted August 16, 2009 Share Posted August 16, 2009 Agreed, it might have just been that!I've never had any of my accounts hacked. *touches wood* lol There's a difference between having an account "hacked"... which is not what happened in this case. And having someone socially engineer your password from you, or you downloading some type of malware on to your system that logged your keys. Link to comment Share on other sites More sharing options...
mad_onion Posted August 16, 2009 Share Posted August 16, 2009 yeah, I'm sure very few people have their password guessed. as long as you have a good password like a 14 digit alpha numeric one like colin said then you're only going to lose your password from malware or giving it away. Link to comment Share on other sites More sharing options...
DDStriker Posted August 16, 2009 Share Posted August 16, 2009 I think having a cryptic password is also a security risk (if someone is keylogging you and sees this complexed message theres going to be a good chance that its your password so they'll take it) i reckon people should start using different passwords to throw off potential key loggers e.g. password: "Hey, how are you today?" will seem like normal chat log and its long :p :laugh: Link to comment Share on other sites More sharing options...
shakey Posted August 16, 2009 Share Posted August 16, 2009 Rule of thumb, don't go putting in your steam info on any website.... I can't think of a single web site that ever would need or even ask for it..... If you downloaded something.... stop hacking ... or stop downloading pirated software from unknowns. Unless there is someone out there just running emails and password bots that try every possible combo, it is usually the users fault for their account being stolen. Strong passwords wont help if the person is stupid enough to give their info out..... Link to comment Share on other sites More sharing options...
2xSilverKnight Posted August 16, 2009 Share Posted August 16, 2009 i got my steam account hijacked 1 month ago. The guy changed all informations on it including the city he was in, which was los angeles ... I got my account back very easily by creating a support ticket on steam website. my And guess what, I didn't lose any game, I got Left 4 Dead free ... ahaha with all my half-life 2 and half-life packages. Guess I was lucky to get a free game. I checked in the history, and someone gifted the account with Left 4 Dead. All ended well for me. Link to comment Share on other sites More sharing options...
»X« Posted August 16, 2009 Author Share Posted August 16, 2009 How long should it take before I find out any information from your experience? Link to comment Share on other sites More sharing options...
2xSilverKnight Posted August 16, 2009 Share Posted August 16, 2009 How long should it take before I find out any information from your experience? what do you mean ? Link to comment Share on other sites More sharing options...
Umbrello Posted August 16, 2009 Share Posted August 16, 2009 Is it really that hard to tell it's a scam? Every Steam Friends message window blatantly states: Never tell your password to anyone. In bold, underlined letters. You say Steam needs to implement more security measures to prevent things like this from happening, well you know, a lot of it lies in the hands of the user. Cross your fingers the hijacker doesn't VAC ban your account. Account Security Recommendations Link to comment Share on other sites More sharing options...
shakey Posted August 16, 2009 Share Posted August 16, 2009 Is it really that hard to tell it's a scam? Every Steam Friends message window blatantly states: Never tell your password to anyone. In bold, underlined letters. You say Steam needs to implement more security measures to prevent things like this from happening, well you know, a lot of it lies in the hands of the user. Cross your fingers the hijacker doesn't VAC ban your account. Account Security Recommendations Exactly, no amount of prevention set up by Valve will stop someone from taking your account when you are giving them your information. Link to comment Share on other sites More sharing options...
»X« Posted August 16, 2009 Author Share Posted August 16, 2009 what do you mean ? As in, from the moment you put the ticket in, how long did it take to get a resolution? And in regard to the password comments, I never gave out any information to any dialog box or false website. Steam was just running in my tray as it has been for weeks, In fact the last time I logged into it was a month ago when I first installed Win7. So apart from the steam application itself telling me I have to input my password, I have not input my password anywhere else. The only other cause is a programme I downloaded, but how can a programme obtain my password from the steam files? Because that I can assure you is the only way it could have happened as I havent typed my password in any dialog box for steam in about a month. I have since done a full scan and changed all my passwords. And my comment about security, allow me to clear that up, I'm just surprised that for a site which takes my money and stores my games and details, I thought they would want a little more security from someone before changing their email address. Link to comment Share on other sites More sharing options...
2xSilverKnight Posted August 16, 2009 Share Posted August 16, 2009 It only took 2 days to get my account back. Btw, to all the others saying don't give out your password .. what are you thinking, do you really think i gave someone my password. At the time i was running Windows 7 RC x64 for a week and I know for sure I didn't giveaway anything or my computer got compromised. I've seen some widespread steam account hijacking in the past few months. Link to comment Share on other sites More sharing options...
Umbrello Posted August 16, 2009 Share Posted August 16, 2009 The only other cause is a programme I downloaded, but how can a programme obtain my password from the steam files? Really? Did you pay for it? Because you'd be amazed at what illegally downloading progs/apps/warez can bring about. Be thankful your bank/paypal account weren't compromised as well. Link to comment Share on other sites More sharing options...
shakey Posted August 16, 2009 Share Posted August 16, 2009 It only took 2 days to get my account back.Btw, to all the others saying don't give out your password .. what are you thinking, do you really think i gave someone my password. At the time i was running Windows 7 RC x64 for a week and I know for sure I didn't giveaway anything or my computer got compromised. I've seen some widespread steam account hijacking in the past few months. You would be surprised at how many people actually do give out their passwords... this coming from a guy who did xbox live tech support for 2 years.. trust me, people are generally stupid with stuff like this. It comes from people playing online, thinking they made a friend, giving out too much info, and boom , stolen. It also comes from tards who think a website can unlock or give them something, they put in their info, and stolen. As he mentioned, he pirated some software, which is normal to come with trojans and key loggers. Valves protection could not have stopped his stupidity from leaking info. As goes for most. Hopefully you do get it back, and hopefully you have learned your lesson. This is the chance you take with digital purchases. If you are not more careful, you can only be expected to have it lost after some time. Link to comment Share on other sites More sharing options...
Recommended Posts