Criminals Are Selling Your Steam Data For Just $15


Yes, this includes passwords, and guess what? You're helping them do it.

A report published in the Guardian newspaper claims that its reporters have seen criminals advertising Steam data for sale on a Russian dark web forum; a full log of all data stolen by botnet - probably including usernames and passwords - goes for just $15. Steam has become a very high value target, because it's so easily bought and sold. The best part? Some of you are cooperating, willingly or otherwise.

"To the best of our knowledge, most of the Steam accounts get stolen via botnets," says Alex Holden, chief information security officer at Hold Security. "However, in the past, we have seen exploitation attempts against the platform." There are two main types of exploitation, according to Holden: the achievement hunters, and the Community Portal.

Gamers who care too much about achievements will go to any length to get them, and that includes paying hackers to obtain them or getting hacks online to increase their chances. But dealing with the kind of source willing to provide hacks for a price significantly increases your chance of getting hacked. These are the gamers who cooperate willingly, blind to the risk their activity poses to their own account.

The ones who may not realize the danger they're in are the ones trading on the Marketplace. The Phishermen have discovered it's much more sensible to mimic, not the Steam homepage, but the increasingly popular Community Portal, where all the trades and content sales take place. Spoof that, and someone could have their account stolen when all they want is a new hat for their Sniper.

So which are you? Someone that cooperates and then gets hacked, someone who doesn't realize what's going on but gets hacked anyway? Or have you been lucky so far?

Source: Guardian


yes those fucking phishing bots, I've been added countless times by them in the past months, I made a few threads on the community hub of both TF2 and Dota 2 in the past

http://steamcommunity.com/app/440/discussions/0/558749824383937290/

http://steamcommunity.com/app/570/discussions/0/558749824918114303/

I suggest everyone reads any of em, yeah it's a bit long, but I think I got all the important stuff written down, particularly the fact that now phishers don't even wait for the users to log out before stealing their accounts, this is important, because if the user still has his/her account open, he/she can change his password and avoid losing his/her account, I already helped 2 people avoid this fate

I've been fairly lucky, and I'm hoping it holds up. I had my STO account broken into once (and recovered), and when I went back to WoW briefly to see if Pandaria was any good (it didn't impress me so I left quickly) I found my account had been robbed and I had to request a recovery from Blizzard.

Of course at the same time I'm not a huge achievement hunter, and don't generally trade things online outside of the games.

This kind of thing is part of why I've been wary of the transfer to things being purely digital and companies wanting you to be always online. Gaming is if nothing else going to become riskier, because honestly there is simply no way to ever make this kind of thing entirely safe. For every security system conceived of, people will find a way around it. Of course at the same time there is no way to do MMOs without being online, so as a concept I figure they were always fairly vulnerable.

Why is it that when this type of thing happens, it always seems to be Russians? I mean every country has its hackers, but Steam and Eve seem to have a disproportional amount of reports of it coming from that country in particular. Am I missing something, or is it just being overrepresented in reports?

Anyway the achievement hunter one I'm fine, but I enjoy using market quite often. How is this problem affecting that, since I don't really understand how it is (if it even is, I'm a little confused about what the article is saying about it).

Zontar:
Why is it that when this type of thing happens, it always seems to be Russians? I mean every country has its hackers, but Steam and Eve seem to have a disproportional amount of reports of it coming from that country in particular. Am I missing something, or is it just being overrepresented in reports?

In the case of Russia it's not just some individual hackers or hacker groups stealing this and other sorts of info. It's organized crime groups that are dealing in this sort of information. I think that's why you see them more often in the news. I'm not sure if organized crime in other countries has quite caught on to how much money there is to be made with this.

And on a side note: who the hell tries to trade or buy on Steam outside of the actual Steam application? You're just asking for trouble if you do that.

Zontar:
Why is it that when this type of thing happens, it always seems to be Russians? I mean every country has its hackers, but Steam and Eve seem to have a disproportional amount of reports of it coming from that country in particular. Am I missing something, or is it just being overrepresented in reports?

Anyway the achievement hunter one I'm fine, but I enjoy using market quite often. How is this problem affecting that, since I don't really understand how it is (if it even is, I'm a little confused about what the article is saying about it).

Russians have a lot of cyber crime. Money is also worthless over there so they buy cheap there and sell to naive foreigners.

Russia has a scamming culture, it's the reason everything is recorded, even the car accidents. So now Russians are seen as awful people, awful traders, and a general blight on Steam because of how much crime is spilling over from Russia.

Russian hackers use Steam as a dumping ground for stolen items.

If there is ever a stolen account being cleaned out for a valuable hat, it's a Russian.

If there is a stolen game being sold on tf2outpost to launder money, it's a Russian.

If ever a trade goes bad, it's a Russian.

This is coming from a Steam trader: Do. Not. Trust. A. Russian. Trade. Stay away from their accounts. Stay away from their offers. Because those trades are high risk to getting you arrested for money laundering or getting your newly bought game taken away with no refund because the trader that sold it to you bought it with a stolen credit card.

Probably both. Because that's what criminals do in the Steam economy, use it to money launder. Russia has a huge PC gamer population, so it wouldn't raise any eyebrows if a lot of money is exchanged there in seemingly useless items.

A game isn't worth being arrested. A game isn't worth the effort to try to convince the police that you thought "Watch_Dogs $30" on May 20th, 2014 was a completely legit offer.

It's safer to exchange lots of money in a big crowded market than a small empty one. Keys run for 2.50$ a pop, so lots of tiny transactions also make it hard to know if it's legit or not.

Keys in the Steam economy were the original bitcoin. Which means Steam helped invent cryptocurrencies.

"So which are you? Someone that cooperates and then gets hacked, someone who doesn't realize what's going on but gets hacked anyway? Or have you been lucky so far?"

lol, are you seriously giving me a choice between being in the group that willingly engages with hackers and get their accounts stolen, or in the group of "lucky" individuals whose accounts haven't been stolen? That's a false dichotomy if I ever saw one :p

Karloff:

So which are you? Someone that cooperates and then gets hacked, someone who doesn't realize what's going on but gets hacked anyway? Or have you been lucky so far?

Neither. I just ain't stupid.

Hacking does not equal cracking, but I imagine that most of this is about scamming? If you don't know the difference then please don't make threads about it.

P.S. Hacking, cheating and exploiting are also not the same thing

Giving away your password because you're a stupid person =/= being hacked.

And this is why I don't use the market place that much and when I do I do it through the actual Steam Marketplace.

I fell for a false link once when I was like 12, got my account back, everything where I left it, except for my friends list which had been wiped. I had been using the same password for everything at the time, so he managed to access my Paypal. But I changed my password before him so I saved it. Same with my email, said it had been logged into via somewhere else.
For the record, he said I had been mentioned on the Steam forums so I went to take a look via the link he provided. Fell for it hook line and sinker.

So anyway, never access anything to do with Steam unless it's via the client itself.

I don't trade on the community hubs and I'm not stupid enough to rely on hacks to get achievements, so neither.

Vivi22:
And on a side note: who the hell tries to trade or buy on Steam outside of the actual Steam application? You're just asking for trouble if you do that.

I do. I go to the Steam community page in my browser - way more convenient when you can use tabs and addons.

Sofus:
Hacking does not equal cracking, but I imagine that most of this is about scamming? If you don't know the difference then please don't make threads about it.

P.S. Hacking, cheating and exploiting are also not the same thing

munx13:
Giving away your password because you're a stupid person =/= being hacked.

These people are correct, by the way.

i've had a conman try and get me to use a fake site that looked identical to steam

essentially the guy tried to lure me in by saying that a person wanted to trade with me and couldn't friend me, i checked his name out which obviously came back with nothing, then i checked the link out coz, why not, the link was to a pretty detailed page, pretty much identical to steam except nothing worked

it was kinda convincing since i did have something on the market and i can see it luring people in seeing as how convincing the page looked

of course anyone who reads the link and does basic checks such as logging into steam through their official website rather than links will protect themselves from these scumbags
i reported him ofc

munx13:
Giving away your password because you're a stupid person =/= being hacked.

actually, it's called social engineering, why delve into a server looking for passwords to access an account when you can just pose as the sysadmin and contact the guy whose account you want and get him to tell you his login details?

And yes, it is considered hacking.

Unless if your idea of a hacker is some pasty overweight guy who is surrounded by monitors dressed like he is from the Matrix listening to dubstep/techno 24/7 who taps three keys on his keyboard and instantly gets into any server.

Because if that's the case:


hue hue hue hue hue hue

Ultratwinkie:

Zontar:
Why is it that when this type of thing happens, it always seems to be Russians? I mean every country has its hackers, but Steam and Eve seem to have a disproportional amount of reports of it coming from that country in particular. Am I missing something, or is it just being overrepresented in reports?

Anyway the achievement hunter one I'm fine, but I enjoy using market quite often. How is this problem affecting that, since I don't really understand how it is (if it even is, I'm a little confused about what the article is saying about it).

Russians have a lot of cyber crime. Money is also worthless over there so they buy cheap there and sell to naive foreigners.

Russia has a scamming culture, it's the reason everything is recorded, even the car accidents. So now Russians are seen as awful people, awful traders, and a general blight on Steam because of how much crime is spilling over from Russia.

Russian hackers use Steam as a dumping ground for stolen items.

If there is ever a stolen account being cleaned out for a valuable hat, it's a Russian.

If there is a stolen game being sold on tf2outpost to launder money, it's a Russian.

If ever a trade goes bad, it's a Russian.

This is coming from a Steam trader: Do. Not. Trust. A. Russian. Trade. Stay away from their accounts. Stay away from their offers. Because those trades are high risk to getting you arrested for money laundering or getting your newly bought game taken away with no refund because the trader that sold it to you bought it with a stolen credit card.

Probably both. Because that's what criminals do in the Steam economy, use it to money launder. Russia has a huge PC gamer population, so it wouldn't raise any eyebrows if a lot of money is exchanged there in seemingly useless items.

A game isn't worth being arrested. A game isn't worth the effort to try to convince the police that you thought "Watch_Dogs $30" on May 20th, 2014 was a completely legit offer.

It's safer to exchange lots of money in a big crowded market than a small empty one. Keys run for 2.50$ a pop, so lots of tiny transactions also make it hard to know if it's legit or not.

Keys in the Steam economy were the original bitcoin. Which means Steam helped invent cryptocurrencies.

I can definitely confirm this. I have a friend who used to frequent SteamTrades.com. She would buy Team Fortress keys and then trade them for games just like you described. One of her new Russian trading friends introduced her to one of his friends who then traded with her for the latest Call of Duty a day before release for an equivalent $30.00. Two days later Steam notified her that they would be removing the game from her inventory since it was originally purchased on a stolen card. It happened to a few of her other friends too. *Poof* No more game.

Moral of the story, just wait for a damn sale.

Ultratwinkie:

Zontar:
Why is it that when this type of thing happens, it always seems to be Russians? I mean every country has its hackers, but Steam and Eve seem to have a disproportional amount of reports of it coming from that country in particular. Am I missing something, or is it just being overrepresented in reports?

Anyway the achievement hunter one I'm fine, but I enjoy using market quite often. How is this problem affecting that, since I don't really understand how it is (if it even is, I'm a little confused about what the article is saying about it).

Russians have a lot of cyber crime. Money is also worthless over there so they buy cheap there and sell to naive foreigners.

Russia has a scamming culture, it's the reason everything is recorded, even the car accidents. So now Russians are seen as awful people, awful traders, and a general blight on Steam because of how much crime is spilling over from Russia.

Russian hackers use Steam as a dumping ground for stolen items.

If there is ever a stolen account being cleaned out for a valuable hat, it's a Russian.

If there is a stolen game being sold on tf2outpost to launder money, it's a Russian.

If ever a trade goes bad, it's a Russian.

This is coming from a Steam trader: Do. Not. Trust. A. Russian. Trade. Stay away from their accounts. Stay away from their offers. Because those trades are high risk to getting you arrested for money laundering or getting your newly bought game taken away with no refund because the trader that sold it to you bought it with a stolen credit card.

Probably both. Because that's what criminals do in the Steam economy, use it to money launder. Russia has a huge PC gamer population, so it wouldn't raise any eyebrows if a lot of money is exchanged there in seemingly useless items.

A game isn't worth being arrested. A game isn't worth the effort to try to convince the police that you thought "Watch_Dogs $30" on May 20th, 2014 was a completely legit offer.

It's safer to exchange lots of money in a big crowded market than a small empty one. Keys run for 2.50$ a pop, so lots of tiny transactions also make it hard to know if it's legit or not.

Keys in the Steam economy were the original bitcoin. Which means Steam helped invent cryptocurrencies.

come on dude don't generalize, I've met some great Russians on Steam

after all the information I've collected about the Steam phishing attacks, I'd dare say only a handful of people are behind these attacks, using phishing scripts that take control of someone's account each time a new victim falls for the scam

Riotguards:
i've had a conman try and get me to use a fake site that looked identical to steam

essentially the guy tried to lure me in by saying that a person wanted to trade with me and couldn't friend me, i checked his name out which obviously came back with nothing, then i checked the link out coz, why not, the link was to a pretty detailed page, pretty much identical to steam except nothing worked

it was kinda convincing since i did have something on the market and i can see it luring people in seeing as how convincing the page looked

of course anyone who reads the link and does basic checks such as logging into steam through their official website rather than links will protect themselves from these scumbags
i reported him ofc

it wasn't a person, it was a bot, read my threads dude

Has Steamguard been hacked yet? I figured that having a different password between your Steam and email accounts is all you need to protect yourself from these attacks.

Kalezian:

munx13:
Giving away your password because you're a stupid person =/= being hacked.

actually, it's called social engineering, why delve into a server looking for passwords to access an account when you can just pose as the sysadmin and contact the guy whose account you want and get him to tell you his login details?

And yes, it is considered hacking.

Unless if your idea of a hacker is some pasty overweight guy who is surrounded by monitors dressed like he is from the Matrix listening to dubstep/techno 24/7 who taps three keys on his keyboard and instantly gets into any server.

Because if that's the case:


hue hue hue hue hue hue

I'm sorry, but I'm having a hard time believing that asking someone for his/her password is hacking.

Using exploits on old/outdated software (like in that PSN debacle years ago) however, is.

For a minute, I thought I might actually have something pressing to worry about. From the looks of it, it's the idiots who pay for someone else to play the game for them or people who have been duped into false trades. Then there's me, who only sells those useless market place items and plays the games for himself. *knock on wood* I think I'll be just fine unless someone deliberately goes after me for some reason since I don't do any of the above.

munx13:

Kalezian:

munx13:
Giving away your password because you're a stupid person =/= being hacked.

actually, it's called social engineering, why delve into a server looking for passwords to access an account when you can just pose as the sysadmin and contact the guy whose account you want and get him to tell you his login details?

And yes, it is considered hacking.

Unless if your idea of a hacker is some pasty overweight guy who is surrounded by monitors dressed like he is from the Matrix listening to dubstep/techno 24/7 who taps three keys on his keyboard and instantly gets into any server.

Because if that's the case:


hue hue hue hue hue hue

I'm sorry, but I'm having a hard time believing that asking someone for his/her password is hacking.

Using exploits on old/outdated software (like in that PSN debacle years ago) however, is.

you would be surprised at how easy and effective it is to make one phone call or e-mail pretending to be from whatever company the target has an account with.

Hell, ever sit out in some public place with a smartphone, laptop, or tablet? really easy for someone to peek over your shoulder without being noticed to see your login credentials for any website you log on to.

munx13:

Kalezian:

munx13:
Giving away your password because you're a stupid person =/= being hacked.

actually, it's called social engineering, why delve into a server looking for passwords to access an account when you can just pose as the sysadmin and contact the guy whose account you want and get him to tell you his login details?

And yes, it is considered hacking.

Unless if your idea of a hacker is some pasty overweight guy who is surrounded by monitors dressed like he is from the Matrix listening to dubstep/techno 24/7 who taps three keys on his keyboard and instantly gets into any server.

Because if that's the case:


hue hue hue hue hue hue

I'm sorry, but I'm having a hard time believing that asking someone for his/her password is hacking.

Using exploits on old/outdated software (like in that PSN debacle years ago) however, is.

In the tech world, it still falls under the same security category as hacking. They also refer to it as social engineering (as stated above).

You can be guaranteed that if you took a tech course that you'd be asked a question about hacks, and social engineering being an answer to that question. I agree that "hacking" brings images of a guy furiously typing at a keyboard to mind, but it can be anything that involves compromising a system. That includes getting a phone operator to divulge information that you can use if you call back again and get a different operator. It was a flaw in the operator system that is being exploited, even if no software and programming is involved.

Easiest fix: only browse the Steam Community from in the Steam client. It doesn't allow non-official Steam sites to be opened. Now don't tell people your password and problem solved.

I'll gladly sell my Steam account for a reasonable sum. My backlog is a freakin' burden.

I'm a little ashamed to say this isn't news. Back around 05-7 I hung out on a trading forum for Steam accounts and keys. I started out thinking it was stolen or Russian keys but as time progressed the forum was taken over by Steam account sales. I bought a few accounts that were simple accounts with just Valve's multiplayer catalog for my LAN parties and I could mostly say the accounts were just store hacks but I exited the forum after a few of my accounts got repossessed and it was clear I was getting stolen goods.

There are toooons of forums and IRC rooms for trading stolen accounts but it's dangerous and even if you scooped an account with thousands of games for $20 you will eventually get targeted for your info credit cards etc.

I don't do any Steam item trading. I have a friend that occasionally scoops my cards for CS gun skins or whatever but that's it.

At least I'm not stupid enough to care that much for achievements or trade publicly on forums or community hubs. Also, I'm not the type who would click a link from an unknown person when the link obviously looks dodgy.

I don't go onto the marketplace, and I never EVER hack. (I care about PS Trophies, but not about Steam Achievements)... Does this mean I'm safe?

So which are you? Someone that cooperates and then gets hacked, someone who doesn't realize what's going on but gets hacked anyway? Or have you been lucky so far?

This is indicating nobody's smart enough to avoid this crap. Considering my SteamID is almost 10 years old and has a lot of my history with it, I'm absolutely paranoid about losing it. You can deal with the Steam Community in a safe manner, it just takes due diligence to check links and frankly not enough people do that.

Steam has a hell of a support problem, and it's mainly because end-users are stupid.

Aside: Let's call things what they are. Social Engineering or stupidity. Hacking indicates a vulnerability with the system, and that is an end-user problem not an issue with Steam's security.

Steam Achievements? Who gives a crap about those?

Does this mean using a site such as Backpack.tf is unsafe?

Besides that, you'd probably be pretty dumb to click a dodgy link or accept an IP-giving call from a complete stranger.

Signa:
Has Steamguard been hacked yet? I figured that having a different password between your Steam and email accounts is all you need to protect yourself from these attacks.

That's what I was wondering, but no one seems to mention -- if someone were to try to log on to my account from (for example) Russia, wouldn't they need a code emailed to my address, letting me know it happened?

Are people on Steam really desperate enough to pay and give away their sensitive info for the chance to raise some useless stat in their games? I thought it was bad on Xbox Live. Falling for phishing is sometimes understandable since you're wanting to do whatever task you want done really quick and don't see subtle differences in the site layout and URL. Either way the entirety of the internet needs to learn to be a lot more careful and wary of either method.

AlwaysPractical:
Easiest fix: only browse the Steam Community from in the Steam client. It doesn't allow non-official Steam sites to be opened. Now don't tell people your password and problem solved.

That would be the smart thing to do. Regrettably, the general public isn't into doing the smart thing. I never really liked logging on with my Live or PSN account in a browser because it loses that layer of security. And if I ever get a call or even make a call where the person asks me for my credit card info, account info or passwords, I'm hanging up (possibly after a string of foul language.)

AlwaysPractical:
Easiest fix: only browse the Steam Community from in the Steam client. It doesn't allow non-official Steam sites to be opened. Now don't tell people your password and problem solved.

CpT_x_Killsteal:
So anyway, never access anything to do with Steam unless it's via the client itself.

The problem is, the client's web engine is terrible and painful to use. Fortunately, logging into Steam from a browser isn't risky as long as you check the site's identity.

When reaching a Steam login page, the address in your browser will change from "http://" to "https://", indicating a secure page. If it doesn't, you already have the red flag you need not to enter your password.

You can check the site's https identity in any modern browser (Chrome, IE, Firefox):
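
An added example, not part of the post above or of the thread: the identity check described here, written as a link checker that looks at the hostname as well as the `https://` scheme, since a lookalike page can also be served over https. It assumes `steamcommunity.com` (the host linked earlier in the thread) and `steampowered.com` are the only official hosts; the `.example` links are constructed samples.

```javascript
// Added example, not code from the thread or from Valve.
// Assumption: these are the only hosts treated as official for this sketch.
const OFFICIAL_HOSTS = ["steamcommunity.com", "steampowered.com"];

// Levenshtein distance, used to flag near-miss spellings of an official name.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0]; // value of d[i-1][j-1]
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + cost);
      prev = tmp;
    }
  }
  return row[b.length];
}

// Return every reason a link should not be trusted with a Steam password.
function checkLoginLink(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser, the same rules a browser applies
  } catch {
    return { verdict: "reject", host: null, reasons: ["not an absolute URL"] };
  }
  const reasons = [];
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const labels = host.split(".");
  const official = OFFICIAL_HOSTS.some((h) => host === h || host.endsWith("." + h));

  if (url.protocol !== "https:") reasons.push("not https");
  if (url.username || url.password) {
    reasons.push("userinfo before '@' disguises the real host");
  }
  if (labels.some((l) => l.startsWith("xn--"))) {
    reasons.push("punycode label (possible homoglyph)");
  }
  if (!official) {
    reasons.push("host is not an official Steam domain");
    for (const h of OFFICIAL_HOSTS) {
      const name = h.split(".")[0];
      if (host.startsWith(h + ".") || host.includes("." + h + ".")) {
        reasons.push(`official name ${h} used as a subdomain of another site`);
      } else if (labels.some((l) => l !== name && l.includes(name))) {
        reasons.push(`official name ${name} embedded in a longer label`);
      } else if (labels.some((l) => {
        const d = editDistance(l, name);
        return d > 0 && d <= 2;
      })) {
        reasons.push(`near-miss spelling of ${name}`);
      }
    }
  }
  return { verdict: reasons.length ? "reject" : "ok", host, reasons };
}

// Constructed sample links (the .example hosts are placeholders, not real sites).
const SAMPLES = [
  "https://steamcommunity.com/login/home/",
  "http://steamcommunity.com/login/home/",
  "https://steamcommunity.com@login.example/",
  "https://steamcommunity.com.trade-offer.example/",
  "https://steamcomrnunity.example/tradeoffer",
];
for (const s of SAMPLES) {
  const r = checkLoginLink(s);
  console.log(r.verdict.padEnd(6), s, r.reasons.join("; "));
}
```

Only the first sample passes; the last three are all https and would show a padlock, which is why the hostname comparison matters more than the scheme.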


Karloff:
So which are you? Someone that cooperates and then gets hacked, someone who doesn't realize what's going on but gets hacked anyway? Or have you been lucky so far?

False dichotomy.

I don't download cheats/hacks.

I've hardly set foot in the market, I sell cards from my inventory, that's about it.

And most importantly, I'm not dumb enough to fall for phishing.

I also have up to date antivirus with browser plugin, as well as some other protective software, so I'm not so likely to get infected by something. My steam account and email aren't the same, and have different passwords, the steam account name refers to a defunct email from an email site that's been dead for over a decade... ;)
