Yes, this includes passwords, and guess what? You’re helping them do it.
A report published in the Guardian newspaper claims that its reporters have seen criminals advertising Steam data for sale on a Russian dark web forum; a full log of all data stolen by botnet – probably including usernames and passwords – goes for just $15. Steam has become a very high value target, because it’s so easily bought and sold. The best part? Some of you are cooperating, willingly or otherwise.
“To the best of our knowledge, most of the Steam accounts get stolen via botnets,” says Alex Holden, chief information security officer at Hold Security. “However, in the past, we have seen exploitation attempts against the platform.” There are two main types of exploitation, according to Holden: the achievement hunters, and the Community Portal.
Gamers who care too much about achievements will go to any length to get them, and that includes paying hackers to obtain them or getting hacks online to increase their chances. But dealing with the kind of source willing to provide hacks for a price significantly increases your chance of getting hacked. These are the gamers who cooperate willingly, blind to the risk their activity poses to their own account.
The ones who may not realize the danger they’re in are the ones trading on the Marketplace. The Phishermen have discovered it’s much more sensible to mimic, not the Steam homepage, but the increasingly popular Community Portal, where all the trades and content sales take place. Spoof that, and someone could have their account stolen when all they want is a new hat for their Sniper.
So which are you? Someone that cooperates and then gets hacked, someone who doesn’t realize what’s going on but gets hacked anyway? Or have you been lucky so far?