Criminals Are Selling Your Steam Data For Just $15

[AlwaysPractical]

Easiest fix: only browse the Steam Community from in the Steam client. It doesn't allow non-official Steam sites to be opened. Now don't tell people your password and problem solved.

 

[Ticklefist]

I'll gladly sell my Steam account for a reasonable sum. My backlog is a freakin' burden.

 

[Glaice]

At least I'm not stupid enough to care that much for achievements or trade publically on forums or community hubs. Also, I'm not the type who would click a link from an unknown person when the link obviously looks dodgy.

 

[ShadowGandalf01]

I don't go onto the marketplace, and I never EVER hack. (I care about PS Trophies, but not about Steam Achievements)... Does this mean I'm safe?

 

[Freyar]

So which are you? Someone that cooperates and then gets hacked, someone who doesn't realize what's going on but gets hacked anyway? Or have you been lucky so far?

This is indicating nobody's smart enough to avoid this crap. Considering my SteamID is almost 10 years old and has a lot of my history with it, I'm absolutely paranoid about losing it. You can deal with the Steam Community in a safe manner, it just takes due diligence to check links and frankly not enough people do that.

Steam has a hell of a support problem, and it's mainly because end-users are stupid.

Aside: Let's call things what it is. Social Engineering or stupidity. Hacking indicates a vulnerability with the system, and that is an end-user problem not an issue with Steam's security.

 

[Headsprouter]

Steam Acheivements? Who gives a crap about those?

Does this mean using a site such as Backpack.tf is unsafe?

Besides that, you'd probably be pretty dumb to click a dodgy link or accept a IP-giving call from a complete stranger.

 

[Schadrach]

Has Steamguard been hacked yet? I figured that having a different password between your Steam and email accounts is all you need to protect yourself from these attacks.

That's what I was wondering, but no one seems to mention -- if someone were to try to log on to my account from (for example) Russia, wouldn't they need a code emailed to my address, letting me know it happened?

 

[Hairless Mammoth]

Are people on Steam really desperate enough to pay and give away their sensitive info for the chance to raise some useless stat in their games? I thought it was bad on xbox live. Falling for phishing is sometimes understandable since your wanting to do whatever task you want done really quick and don't see subtle differences in the site layout and URL. Either way the entirety of the internet needs to learn to be a lot more careful and wary of either method.

Easiest fix: only browse the Steam Community from in the Steam client. It doesn't allow non-official Steam sites to be opened. Now don't tell people your password and problem solved.

That would be the smart thing to do. Regrettably, the general public isn't into doing the smart thing. I never really liked logging on with my Live or PSN account in a browser because it looses that layer of security. And if I ever get a call or even make a call where the person asks my for my credit card info, account info or passwords, I'm hanging up (possibly after a string of foul language.)

 

[Cerebrawl]

So which are you? Someone that cooperates and then gets hacked, someone who doesn't realize what's going on but gets hacked anyway? Or have you been lucky so far?

False dichotomy.

I don't download cheats/hacks.

I've hardly set foot in the market, I sell cards from my inventory, that's about it.

And most importantly, I'm not dumb enough to fall for phishing.

I also have up to date antivirus with browser plugin, as well as some other protective software, so I'm not so likely to get infected by something. My steam account and email aren't the same, and have different passwords, the steam account name refers to a defunct email from an email site that's been dead for over a decade...

 

[Seracen]

I run Steam in offline mode all the time, barring when I purchase a game with prepaid Steam Wallet Cards. I distrust digital shopping by design. Hell, I am one of those people that still prefers calling in their pizza order (although this is mainly b/c I am too lazy/paranoid to create an account).

Also, I am morally opposed to buying extraneous DLC (ie cosmetic stuff) for games I've paid for. F2P is less offensive, but that's something else entirely. Considering that I don't do MP much, I pass by most F2P games with microtransactions (current exception is SWTOR, but I rarely buy things in their Cartel Market).

 

[WhiteTigerShiro]

Steam Acheivements? Who gives a crap about those?

Plenty of people. That said though, I feel little sympathy for people who are too lazy and/or incompetent to get their own achievements and hire a third party to farm for them. If you really care about your achievement completion, then you should be willing to grind them yourself.

 

[Roxas1359]

Hell, I am one of those people that still prefers calling in their pizza order (although this is mainly b/c I am too lazy/paranoid to create an account).

Just so you know, well if you're in the US, none of the pizza services that allow you to order online require you to have an account. You need to provide your email for that order specifically in some cases, but you don't need an account and they won't spam your email with ads or anything. Take it from someone who orders online for pizza all the time, because if they started giving you ads without your consent it's grounds for a lawsuit, and no retail fast-food chain likes those.

That said though, I feel little sympathy for people who are too lazy and/or incompetent to get their own achievements and hire a third party to farm for them. If you really care about your achievement completion, then you should be willing to grind them yourself.

Wait, there are people that do that? 0.o
That's...that's just a plain waste of money right there for a digital little icon or reward that has no effect on the physical world whatsoever.

OT: I've dealt with scammers before on Steam, they weren't the smartest tools in the shed that's for sure. Honestly I don't have any personal information or credit card/debit card information on my Steam account because of the possibility of hackers. I don't have a card on any account for consoles or online gaming in general for that reason.

 

[Grimh]

So in other words, criminals are not selling my Steam data for just 15$?

That's good to know I guess.

 

[RaikuFA]

I sold a few trading cards from last years summer sale. Am I ok?

 

[SadisticFire]

I sold a few trading cards from last years summer sale. Am I ok?

Assuming it's not sarcasm, if you sold them on the offical Steam Marketplace (that thing you went to when you hit "sell" on your inventory item) you're fine. If you sold them on a third party website (Which is a no no for security and TOS reasons) then you might wanna invest in sometime to check your accounts. Maybe switch to a new email account if you gave that out.

OT: People stupid get their stuff robbed by those dirty commies? Let's go to war with them and show them true american justice! (Though really damn it Russia and your anti gay stuff)

 

[AlwaysPractical]

The problem is, the client's web engine is terrible and painful to use. Fortunately, logging into Steam from a browser isn't risky as long as you check the site's identity.

When reaching a Steam login page, the address in your browser will change from "http://" to "https://", indicating a secure page. If it doesn't, you already have the red flag you need not to enter your password.

You can check the site's https identity in any modern browser (Chrome, IE, Firefox,):

Shame on you, telling people to actually glance at the URL bar in their browser! You monster, making people actually read stuff before entering passwords!

I do agree the client's web browser is pretty meh and slow, and the way you suggested is the best way, but people are lazy. For the lazy people, I recommend using only the in-client browser just to be safe.

 

[Atrocious Joystick]

Criminals selling my steam data for a measly fifteen bucks? Thanks a lot Obama.

My steam info is worth at least two hot dogs and a dirty handshake.

 

[Vigormortis]

It's simple, people. Don't want to risk having your account credentials phished? If you're too lazy to verify the URL of the page your currently on, then instead use the Marketplace through your Steam client window.

It's really that simple. Hell, most browsers today will verify the page just by hovering your mouse over the URL header.

This "news" isn't about Steam accounts getting hacked. It's about some Steam users being dumb enough to download malware or giving out their account credentials to anyone that asks.

Has Steamguard been hacked yet? I figured that having a different password between your Steam and email accounts is all you need to protect yourself from these attacks.

It pretty much is. That and the hardware profiles linked to your account. But even SteamGuard can't protect against acts of stupid.

 

[Arnoxthe1]

Don't do any of that so... I think the riskiest buy I ever made was the Humble Indie Bundle for Serious Sam 3, Sanctum 2, Natural Selection 2, Garry's Mod, Magicka, and Orcs Must Die! 2. (I've only just gotten through SS3.)

you would be surprised at how easy and effective it is to make one phone call or e-mail pretending to be from whatever company the target has an account with.

 

[Callate]

This article seems to suggest the illegal redistribution of people's Steam data is so commonplace that we should be worried, but the particulars outline something that only ought to ever happen to someone who hasn't taken fairly obvious common-sense precautions.

How about some numbers before pointing the quivering finger of, "IT COULD HAPPEN TO YOOOOUUUU!"?