Criminals Are Selling Your Steam Data For Just $15

[RaikuFA]

I sold a few trading cards from last years summer sale. Am I ok?

 

[SadisticFire]

I sold a few trading cards from last years summer sale. Am I ok?

Assuming it's not sarcasm, if you sold them on the offical Steam Marketplace (that thing you went to when you hit "sell" on your inventory item) you're fine. If you sold them on a third party website (Which is a no no for security and TOS reasons) then you might wanna invest in sometime to check your accounts. Maybe switch to a new email account if you gave that out.

OT: People stupid get their stuff robbed by those dirty commies? Let's go to war with them and show them true american justice! (Though really damn it Russia and your anti gay stuff)

 

[AlwaysPractical]

The problem is, the client's web engine is terrible and painful to use. Fortunately, logging into Steam from a browser isn't risky as long as you check the site's identity.

When reaching a Steam login page, the address in your browser will change from "http://" to "https://", indicating a secure page. If it doesn't, you already have the red flag you need not to enter your password.

You can check the site's https identity in any modern browser (Chrome, IE, Firefox,):

Shame on you, telling people to actually glance at the URL bar in their browser! You monster, making people actually read stuff before entering passwords!

I do agree the client's web browser is pretty meh and slow, and the way you suggested is the best way, but people are lazy. For the lazy people, I recommend using only the in-client browser just to be safe.

 

[Atrocious Joystick]

Criminals selling my steam data for a measly fifteen bucks? Thanks a lot Obama.

My steam info is worth at least two hot dogs and a dirty handshake.

 

[Vigormortis]

It's simple, people. Don't want to risk having your account credentials phished? If you're too lazy to verify the URL of the page your currently on, then instead use the Marketplace through your Steam client window.

It's really that simple. Hell, most browsers today will verify the page just by hovering your mouse over the URL header.

This "news" isn't about Steam accounts getting hacked. It's about some Steam users being dumb enough to download malware or giving out their account credentials to anyone that asks.

Has Steamguard been hacked yet? I figured that having a different password between your Steam and email accounts is all you need to protect yourself from these attacks.

It pretty much is. That and the hardware profiles linked to your account. But even SteamGuard can't protect against acts of stupid.

 

[Arnoxthe1]

Don't do any of that so... I think the riskiest buy I ever made was the Humble Indie Bundle for Serious Sam 3, Sanctum 2, Natural Selection 2, Garry's Mod, Magicka, and Orcs Must Die! 2. (I've only just gotten through SS3.)

you would be surprised at how easy and effective it is to make one phone call or e-mail pretending to be from whatever company the target has an account with.

 

[Callate]

This article seems to suggest the illegal redistribution of people's Steam data is so commonplace that we should be worried, but the particulars outline something that only ought to ever happen to someone who hasn't taken fairly obvious common-sense precautions.

How about some numbers before pointing the quivering finger of, "IT COULD HAPPEN TO YOOOOUUUU!"?

 

[RaikuFA]

I sold a few trading cards from last years summer sale. Am I ok?

Assuming it's not sarcasm, if you sold them on the offical Steam Marketplace (that thing you went to when you hit "sell" on your inventory item) you're fine. If you sold them on a third party website (Which is a no no for security and TOS reasons) then you might wanna invest in sometime to check your accounts. Maybe switch to a new email account if you gave that out.

OT: People stupid get their stuff robbed by those dirty commies? Let's go to war with them and show them true american justice! (Though really damn it Russia and your anti gay stuff)

I did the former. Yay, I'm OK.

 

[martyrdrebel27]

Fifteen dollars for the list? Eh, I'll wait and get it during the Summer Sale.

 

[Kataskopo]

...

Because those trades are high risk to getting you arrested for money laundering or getting your newly bought game taken away with no refund because the trader that sold it to you bought it with a stolen credit card.

...

A game isn't worth being arrested. A game isn't worth the effort to try to convince the police that you thought "Watch_Dogs $30" on May 20th, 2014 was a completely legit offer.

Its safer to exchange lots of money in a big crowded market than a small empty one. Keys run for 2.50$ a pop, so lots of tiny transactions also make it hard to know if its legit or not.

Keys in the steam economy were the original bitcoin. Which means steam helped invent cyptocurrencies.

Ehm, has anyone ever been arrested for having his information stolen on Steam?

Because as far as I know, that hasn't happened ever. The credit card companies usually just give you back your money.

 

[Kataskopo]

i've had a conman try and get me to use a fake site that looked identical to steam

essentially the guy tried to lure me in by saying that a person wanted to trade with me and couldn't friend me, i checked his name out which obviously came back with nothing, then i checked the link out coz, why not, the link was to a pretty detailed page, pretty much identical to steam except nothing worked

it was kinda convincing since i did have something on the market and i can see it luring people in seeing as how convincing the page looked

of course anyone who reads the link and does basic checks such as logging into steam through their official website rather than links will protect themselves from these scumbags
i reported him ofc

What I do is disable javascript by default, and just whitelist the websites I use. It's a little bit bothersome, but whenever you go to a new domain there's that "javascript is disabled" icon, so you know you've never been there and can take action.

 

[DoctorObviously]

I was a little scared upon reading the title, thank god I don't either trade or have an unhealthy addiction to achievements.

 

[gridsleep]

Not playing any of those games that require log-in beyond the Steam Client makes me immune. Unless someone hacks into Steam and that's their security issue to fix.

 

[Strazdas]

yeah, i dont care about achievements and i never use steam trading thingy. kinda safe here i was also never added by physing bots but i wouldnt click on thier links anyway.

And on a side note: who the hell tries to trade or buy on Steam outside of the actual Steam application? You're just asking for trouble if you do that.

I always do it via website. websites should be looked in browsers and not in-app is how i deal with it. in-program browser is useless for me.

And yes, it is considered hacking.

no its not. hacking is breaking into the system (to do damage, steam things or just for the luls, doesnot matter). social engineering does not break into system, its just tricking people. social engineering is not hacking. getting into EA server and stealing origin account database is hacking. Using HeartBleed is hacking. telling somone to give you his password is not hacking.

Hell, ever sit out in some public place with a smartphone, laptop, or tablet? really easy for someone to peek over your shoulder without being noticed to see your login credentials for any website you log on to.

who logs into websites in public anyway? not to mention password isnt shown even on smartphones.

You can be guaranteed that if you took a tech course that you'd be asked a question about hacks, and social engineering being an answer to that question.

then the tech course would be wrong.

 

[Signa]

You can be guaranteed that if you took a tech course that you'd be asked a question about hacks, and social engineering being an answer to that question.

then the tech course would be wrong.

Care to share your enlightenment with me, or are you calling bullshit on the A+ certification training I'm taking? All your comment just amounted to was "Nuh-uh!"

 

[Strazdas]

You can be guaranteed that if you took a tech course that you'd be asked a question about hacks, and social engineering being an answer to that question.

then the tech course would be wrong.

Care to share your enlightenment with me, or are you calling bullshit on the A+ certification training I'm taking? All your comment just amounted to was "Nuh-uh!"

in my previuos post i have already delved deeper into what hacking is in response to Kelezian. And yes, if your training is stating that social engineering is hacking i call bullshit on it.

 

[Signa]

You can be guaranteed that if you took a tech course that you'd be asked a question about hacks, and social engineering being an answer to that question.

then the tech course would be wrong.

Care to share your enlightenment with me, or are you calling bullshit on the A+ certification training I'm taking? All your comment just amounted to was "Nuh-uh!"

in my previuos post i have already delved deeper into what hacking is in response to Kelezian. And yes, if your training is stating that social engineering is hacking i call bullshit on it.

Phew, I'm glad you cleared that up. I'm sure the instructor at the testing location will accept opinions from the internet as valid answers, because that makes studying so much easier.