Criminals Are Selling Your Steam Data For Just $15

Karloff

New member
Oct 19, 2009
6,474
0
0
Criminals Are Selling Your Steam Data For Just $15



Yes, this includes passwords, and guess what? You're helping them do it.

A report published in the Guardian newspaper claims that its reporters have seen criminals advertising Steam data for sale on a Russian dark web forum; a full log of all data stolen by botnet - probably including usernames and passwords - goes for just $15. Steam has become a very high value target, because it's so easily bought and sold. The best part? Some of you are cooperating, willingly or otherwise.

"To the best of our knowledge, most of the Steam accounts get stolen via botnets," says Alex Holden, chief information security officer at Hold Security. "However, in the past, we have seen exploitation attempts against the platform." There are two main types of exploitation, according to Holden: the achievement hunters, and the Community Portal.

Gamers who care too much about achievements will go to any length to get them, and that includes paying hackers to obtain them or getting hacks online to increase their chances. But dealing with the kind of source willing to provide hacks for a price significantly increases your chance of getting hacked. These are the gamers who cooperate willingly, blind to the risk their activity poses to their own account.

The ones who may not realize the danger they're in are the ones trading on the Marketplace. The Phishermen have discovered it's much more sensible to mimic, not the Steam homepage, but the increasingly popular Community Portal, where all the trades and content sales take place. Spoof that, and someone could have their account stolen when all they want is a new hat for their Sniper.

So which are you? Someone that cooperates and then gets hacked, someone who doesn't realize what's going on but gets hacked anyway? Or have you been lucky so far?

Source: Guardian [http://www.theguardian.com/technology/2014/may/30/steam-valve-password-hack-stolen-botnet-malware]


Permalink
 

NuclearKangaroo

New member
Feb 7, 2014
1,919
0
0
yes those fucking phishing bots, ive been added countless times by them in the past months, i made a few threads on the community hub of both TF2 and Dota 2 in the past

http://steamcommunity.com/app/440/discussions/0/558749824383937290/

http://steamcommunity.com/app/570/discussions/0/558749824918114303/

i suggest everyone reads any of em, yeah its a bit long, but i think i got all the important stuff written down, particulary the fact that now phishers dont even wait for the users to log out before stealing their accounts, this is important, because if the user still has his/her account open, he/she can change his password and avoid losing his/her account, i already helped 2 people avoid this fate
 

Therumancer

Citation Needed
Nov 28, 2007
9,909
0
0
I've been fairly lucky, and I'm hoping it holds up. I had my STO account broken into once (and recovered), and when I went back to WoW briefly to see if Pandaria was any good (it didn't impress me so I left quickly) I found my account had been robbed and I had to request a recovery from Blizzard.

Of course at the same time I'm not a huge achievement hunter, and don't generally trade things online outside of the games.

This kind of thing is part of why I've been wary of the transfer to things being purely digital and companies wanting you to be always online. Gaming is if nothing else going to become riskier, because honestly there is simply no way to ever make this kind of thing entirely safe. For every security system conceived of, people will find a way around it. Of course at the same time there is no way to do MMOs without being online, so as a concept I figure they were always fairly vulnerable.
 

Zontar

Mad Max 2019
Feb 18, 2013
4,931
0
0
Why is it that when this type of thing happens, it always seems to be Russians? I mean every country has its hackers, but Steam and Eve seem to have a disproportional amount of reports of it coming from that country in particular. Am I missing something, or is it just being overrepresented in reports?

Anyway the achievement hunter one I'm fine, but I enjoy using market quite often. How is this problem effecting that, since I don't really understand how it is (if it even is, I'm a little confused about what the article is saying about it).
 

Vivi22

New member
Aug 22, 2010
2,300
0
0
Zontar said:
Why is it that when this type of thing happens, it always seems to be Russians? I mean every country has its hackers, but Steam and Eve seem to have a disproportional amount of reports of it coming from that country in particular. Am I missing something, or is it just being overrepresented in reports?
In the case of Russia it's not just some individual hackers or hacker groups stealing this and other sorts of info. It's organized crime groups that are dealing in this sort of information. I think that's why you see them more often in the news. I'm not sure if organized crime in other countries has quite caught on to how much money there is to be made with this.

And on a side note: who the hell tries to trade or buy on Steam outside of the actual Steam application? You're just asking for trouble if you do that.
 

Zato-1

New member
Mar 27, 2009
58
0
0
"So which are you? Someone that cooperates and then gets hacked, someone who doesn't realize what's going on but gets hacked anyway? Or have you been lucky so far?"

lol, are you seriously giving me a choice between being in the group that willingly engages with hackers and get their accounts stolen, or in the group of "lucky" individuals whose accounts haven't been stolen? That's a false dichotomy if I ever saw one :p
 
Jan 10, 2013
31
0
0
Karloff said:
So which are you? Someone that cooperates and then gets hacked, someone who doesn't realize what's going on but gets hacked anyway? Or have you been lucky so far?
Neither. I just ain't stupid.
 

Sofus

New member
Apr 15, 2011
223
0
0
Hacking does not equal cracking, but I imagine that most of this is about scamming? If you don't know the difference then please don't make threads about it.


P.S. Hacking, cheating and exploiting are also not the same thing
 

munx13

Some guy on the internet
Dec 17, 2008
431
0
0
Giving away your password because you're a stupid person =/= being hacked.
 

CpT_x_Killsteal

New member
Jun 21, 2012
1,519
0
0
I fell for a false link once when I was like 12, got my account back, everything where I left it, except for my friends list which had been whiped. I had been using the same password for everything at the time, so he managed to access my Paypal. But I changed my password before him so I saved it. same with my email, said it had been logged into via somewhere else.
For the record, he said I had been mentioned on the steam forums so I went to take a look via the link he provided. fell for it hook line and sinker.

So anyway, never access anything to do with steam unless it's via the client itself.
 

Canadamus Prime

Robot in Disguise
Jun 17, 2009
14,334
0
0
I don't trade on the community hubs and I'm not stupid enough to rely on hacks to get achievements, so neither.
 

DoPo

"You're not cleared for that."
Jan 30, 2012
8,665
0
0
Vivi22 said:
And on a side note: who the hell tries to trade or buy on Steam outside of the actual Steam application? You're just asking for trouble if you do that.
I do. I go to the Steam community page in my browser - way more convenient when you can use tabs and addons.

Sofus said:
Hacking does not equal cracking, but I imagine that most of this is about scamming? If you don't know the difference then please don't make threads about it.


P.S. Hacking, cheating and exploiting are also not the same thing
munx13 said:
Giving away your password because you're a stupid person =/= being hacked.
These people are correct, by the way.
 

Riotguards

New member
Feb 1, 2013
219
0
0
i've had a conman try and get me to use a fake site that looked identical to steam

essentially the guy tried to lure me in by saying that a person wanted to trade with me and couldn't friend me, i checked his name out which obviously came back with nothing, then i checked the link out coz, why not, the link was to a pretty detailed page, pretty much identical to steam except nothing worked

it was kinda convincing since i did have something on the market and i can see it luring people in seeing as how convincing the page looked

of course anyone who reads the link and does basic checks such as logging into steam through their official website rather than links will protect themselves from these scumbags
i reported him ofc
 

Nowhere Man

New member
Mar 10, 2013
422
0
0
Ultratwinkie said:
Zontar said:
Why is it that when this type of thing happens, it always seems to be Russians? I mean every country has its hackers, but Steam and Eve seem to have a disproportional amount of reports of it coming from that country in particular. Am I missing something, or is it just being overrepresented in reports?

Anyway the achievement hunter one I'm fine, but I enjoy using market quite often. How is this problem effecting that, since I don't really understand how it is (if it even is, I'm a little confused about what the article is saying about it).
Russians have a lot of cyber crime. Money is also worthless over there so they buy cheap there and sell to naive foreigners.

Russia has a scamming culture, its the reason everything is recorded, even the car accidents. So now Russians are seen as awful people, awful traders, and a general blight on steam because how much crime is spilling over from russia.

Russian hackers use steam as a dumping ground for stolen items.

If there is ever a stolen account being cleaned out for a valuable hat, its a russian.

If there is a stolen game being sold on tf2outpost to launder money, its a russian.

If ever a trade goes bad, its a russian.

This is coming from a steam trader: Do. Not. Trust. A. Russian. Trade. Stay away from their accounts. Stay away from their offers. Because those trades are high risk to getting you arrested for money laundering or getting your newly bought game taken away with no refund because the trader that sold it to you bought it with a stolen credit card.

Probably both. Because that's what criminals do in the steam economy, use it to money launder. Russia has a huge PC gamer population, so it wouldn't raise any eyebrows if a lot of money is exchanged there in seemingly useless items.

A game isn't worth being arrested. A game isn't worth the effort to try to convince the police that you thought "Watch_Dogs $30" on May 20th, 2014 was a completely legit offer.

Its safer to exchange lots of money in a big crowded market than a small empty one. Keys run for 2.50$ a pop, so lots of tiny transactions also make it hard to know if its legit or not.

Keys in the steam economy were the original bitcoin. Which means steam helped invent cyptocurrencies.
I can definitely confirm this. I have a friend who used to frequent SteamTrades.com. She would buy Team Fortress keys and then trade them for games just like you described. One of her new Russian trading friends introduced her to one of his friends who then traded with her for the latest Call of Duty a day before release for an equivalent $30.00. Two days later Steam notified her that they would be removing the game from her inventory since it was originally purchased on a stolen card. It happened to a few of her other friends too. *Poof* No more game.

Moral of the story, just wait for a damn sale.
 

NuclearKangaroo

New member
Feb 7, 2014
1,919
0
0
Ultratwinkie said:
Zontar said:
Why is it that when this type of thing happens, it always seems to be Russians? I mean every country has its hackers, but Steam and Eve seem to have a disproportional amount of reports of it coming from that country in particular. Am I missing something, or is it just being overrepresented in reports?

Anyway the achievement hunter one I'm fine, but I enjoy using market quite often. How is this problem effecting that, since I don't really understand how it is (if it even is, I'm a little confused about what the article is saying about it).
Russians have a lot of cyber crime. Money is also worthless over there so they buy cheap there and sell to naive foreigners.

Russia has a scamming culture, its the reason everything is recorded, even the car accidents. So now Russians are seen as awful people, awful traders, and a general blight on steam because how much crime is spilling over from russia.

Russian hackers use steam as a dumping ground for stolen items.

If there is ever a stolen account being cleaned out for a valuable hat, its a russian.

If there is a stolen game being sold on tf2outpost to launder money, its a russian.

If ever a trade goes bad, its a russian.

This is coming from a steam trader: Do. Not. Trust. A. Russian. Trade. Stay away from their accounts. Stay away from their offers. Because those trades are high risk to getting you arrested for money laundering or getting your newly bought game taken away with no refund because the trader that sold it to you bought it with a stolen credit card.

Probably both. Because that's what criminals do in the steam economy, use it to money launder. Russia has a huge PC gamer population, so it wouldn't raise any eyebrows if a lot of money is exchanged there in seemingly useless items.

A game isn't worth being arrested. A game isn't worth the effort to try to convince the police that you thought "Watch_Dogs $30" on May 20th, 2014 was a completely legit offer.

Its safer to exchange lots of money in a big crowded market than a small empty one. Keys run for 2.50$ a pop, so lots of tiny transactions also make it hard to know if its legit or not.

Keys in the steam economy were the original bitcoin. Which means steam helped invent cyptocurrencies.
come on dude dont generalize ive met some great russians on steam

after all the information ive collected about the steam phishing attacks, id dare say only a handful of people are behind this attacks, using phishing scripts that take controls of someones account each time a new victim falls for the scam
 

NuclearKangaroo

New member
Feb 7, 2014
1,919
0
0
Riotguards said:
i've had a conman try and get me to use a fake site that looked identical to steam

essentially the guy tried to lure me in by saying that a person wanted to trade with me and couldn't friend me, i checked his name out which obviously came back with nothing, then i checked the link out coz, why not, the link was to a pretty detailed page, pretty much identical to steam except nothing worked

it was kinda convincing since i did have something on the market and i can see it luring people in seeing as how convincing the page looked

of course anyone who reads the link and does basic checks such as logging into steam through their official website rather than links will protect themselves from these scumbags
i reported him ofc
it wasnt a person, it was a bot, read my threads dude
 

Signa

Noisy Lurker
Legacy
Apr 10, 2020
4,742
0
41
Country
USA
Has Steamguard been hacked yet? I figured that having a different password between your Steam and email accounts is all you need to protect yourself from these attacks.