My Steam account got stolen -- Warning for ALL Steam users

Pika! Pika!

  • Jr. Member
  • Posts: 56
  • Trades: 75
My Steam account got stolen -- Warning for ALL Steam users
« on February 11th, 2019, 02:15 PM »Last edited on February 11th, 2019, 05:49 PM by [Lestrades.com] Nao 尚
My Steam account just got stolen, so please do not engage in any trades with me until resolved. Some Russian currently has it. Just letting you know whilst I can still log in to some Steam-related platforms. I got a link via a 'friend' and logged in with my Steam credentials there, and next thing I knew my Steam Guard phone number was removed and a Russian phone number came into its place. I think it happened via a website link sent to me by a user in my friends list called Teldango, but I'd better be careful with my allegations; since I cannot log in anymore, I cannot be 100% sure, and then the question still remains whether this individual is in control of his account or whether it was also compromised. At any rate, do not engage in any trades with me until I manage to get my account back. Not sure how long it usually takes Steam to resolve such matters.

Nao 尚

  • I'm Share-Locked
  • Administrator
  • Posts: 1,399
  • Trades: 223
Re: My Steam account got stolen
« Reply #1, on February 11th, 2019, 05:48 PM »
Yeah, I was gonna post about it... I just received a chat message from "you" with the link to the website.

Also stolen: juliangmr
(Also got the same message from him.)

Please guys, when you find yourself with a "too good to be true" site offering you shit like GTA V for free, think twice before you enter your Steam credentials into it. In this case, it's just a fake Steam login page that gets your password and then does nothing else.
I suppose if you had 2-factor login enabled, it wouldn't have been a problem, as even with your password an external site wouldn't be able to use it without your consent.

Good luck recovering your account... :(

CUE

  • Newbie
  • Posts: 4
  • Trades: 17

Kakhi

  • Newbie
  • Posts: 1
  • Trades: 42
Re: My Steam account got stolen -- Warning for ALL Steam users
« Reply #3, on February 11th, 2019, 08:05 PM »
Quote from CUE on February 11th, 2019, 07:20 PM
I have also received "your" message and I have removed you from my friends list to not receive any more messages.

I hope Steam will solve it soon to add you again.

Same msg from girolamocastaldo (another account stolen?)
Hello,

Sadly, I can confirm this user's account has been stolen, too, as I received the same message from this one, and so I have to remove them from my friends list.

( By the way, I decided to temporarily stop any trading here, and from Barter, until better news. :/ Sorry about this. )

Good luck, too.

Akylen

  • Full Member
  • Posts: 218
  • Trades: 61
Re: My Steam account got stolen -- Warning for ALL Steam users
« Reply #4, on February 11th, 2019, 08:53 PM »Last edited on February 11th, 2019, 10:34 PM
That's shit! Hope you can get your account back. Like Nao said, 2-factor authentication is a must nowadays.

I also got a bunch of messages from people with suspicious links and removed them from friends list to avoid more trouble.

Hopanda

  • Newbie
  • Posts: 2
  • Trades: 2
Re: My Steam account got stolen -- Warning for ALL Steam users
« Reply #5, on February 12th, 2019, 01:56 AM »
Quote from Akylen on February 11th, 2019, 08:53 PM
That's shit! Hope you can get your account back. Like Nao said, 2-factor authentication is a must nowadays.

I also got a bunch of messages from people with suspicious links and removed them from friends list to avoid more trouble.
Sadly, that doesn't help when people mindlessly login with their information on shady websites before checking whether or not it's actually legit. They're basically giving the information those scammers need voluntarily and make it really easy for them to hijack their accounts.

A golden rule everyone should follow: Do not click suspicious/random links no matter how good the "deal" may sound and no matter who sent it and don't EVER enter your login information on suspicious/shady websites.

AJ

  • Newbie
  • Posts: 21
  • Trades: 6
Re: My Steam account got stolen -- Warning for ALL Steam users
« Reply #6, on February 12th, 2019, 04:11 AM »Last edited on February 12th, 2019, 06:40 AM
Quote from Hopanda on February 12th, 2019, 01:56 AM
Quote from Akylen on February 11th, 2019, 08:53 PM
... Like Nao said, 2-factor authentication is a must nowadays...
Sadly, that doesn't help when people mindlessly login with their information on shady websites before checking whether or not it's actually legit. They're basically giving the information those scammers need voluntarily and make it really easy for them to hijack their accounts.
...
But I'm super curious about how the hijacker can remove/alter the Steam Guard protection?
I just tried to remove mine and it needs to be done in the user's own mobile app on their own phone. :hmm: :hmm:

Nao 尚

  • I'm Share-Locked
  • Administrator
  • Posts: 1,399
  • Trades: 223
Re: My Steam account got stolen -- Warning for ALL Steam users
« Reply #7, on February 12th, 2019, 07:33 AM »Last edited on February 12th, 2019, 11:01 PM
Current status on stolen accounts:

- RavenShockz (confirmed by me)
- Fizz (confirmed by me)
- juliangmr (confirmed by me)
- girolamocastaldo[1] (confirmed by CUE and Kakhi)
 1. Please note, this is a very prominent (and pretty okay!) trader on both LT's and Barter, so he WILL be a strong factor for the propagation of that noob-oriented phishing.
Re: My Steam account got stolen -- Warning for ALL Steam users
« Reply #8, on February 12th, 2019, 07:40 AM »
Quote from Hopanda on February 12th, 2019, 01:56 AM
A golden rule everyone should follow: Do not click suspicious/random links no matter how good the "deal" may sound and no matter who sent it and don't EVER enter your login information on suspicious/shady websites.
Even simpler-- if you find yourself on a page asking you for your credentials, first of all-- is that page NOT filling out your usual credentials for you..? If yes, then MAYBE it's not hosted on the Steam website?! Then look at the URL... Does it say Steamcommunity or something? Does it have a green lock icon indicating the URL isn't being spoofed? This is the kind of thing that's easy to see when you're suspicious. In this case, we're talking about a popup where the URL only says 'About:', that's suspicious enough... If you try to follow the link to 'create a Steam account', you'll notice they didn't even bother to redirect you to the Steam website lol, it's like they simply made a copy of the HTML for that page and didn't bother to make it work flawlessly. All they're interested in is getting your password, remember..?

After attempting to ruin the games market on Steam (and actually managing to ruin the card market), now the Russians are targeting more valuable items from your inventory, I guess... :-/
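The checks Nao lists above (what host the page is actually on, whether it is https, where the "create a Steam account" link and the login form really point) are easy to do by hand but also easy to skip. The following is an added example, not code from the original post or from Steam: a small Python script that applies those checks to a URL and to the links and form action of a login page. The trusted host list, the sample HTML and the lookalike hostnames (all under the reserved `.test` TLD) are constructed for the example; the "steam" substring heuristic for lookalikes is an assumption, not a rule Steam publishes.

```python
from __future__ import annotations

from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Hosts on which a genuine Steam login form is served. Assumption for this example:
# the two public Steam web properties plus the support site; extend as needed.
TRUSTED_LOGIN_HOSTS = {"steamcommunity.com", "store.steampowered.com", "help.steampowered.com"}


def _strip_www(host: str) -> str:
    # Treat www.steamcommunity.com as its parent domain.
    return host[4:] if host.startswith("www.") else host


def check_login_url(url: str) -> list[str]:
    """Return the reasons a login page at `url` should not be trusted.

    An empty list means the URL passed every check here. The checks mirror what
    a suspicious user would look at in the address bar: is there a real web
    origin at all (a popup showing 'about:' has none), is it https, and is the
    host exactly a trusted one rather than a lookalike containing the name.
    """
    problems: list[str] = []
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()

    if scheme not in ("http", "https") or not host:
        # about:, data:, javascript:, blob: ... nothing here is tied to a domain.
        problems.append(f"no web origin to check (scheme {scheme!r})")
        return problems
    if scheme != "https":
        problems.append("not served over https")

    host = _strip_www(host)
    if host in TRUSTED_LOGIN_HOSTS:
        return problems

    # Not trusted. "steamcommunity.com.something.test" contains the real name but
    # is a different registered domain; so is a misspelling such as
    # "steamcomunity-login.test". Flag anything else Steam-flavoured as a lookalike.
    if "steam" in host:
        problems.append(f"lookalike host: {host}")
    else:
        problems.append(f"untrusted host: {host}")
    return problems


class _LinkCollector(HTMLParser):
    """Collect every <a href> and <form action> on the page."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(("a", a["href"]))
        elif tag == "form":
            # An empty action posts back to the page itself.
            self.links.append(("form", a.get("action") or ""))


def suspicious_targets(page_html: str, page_url: str) -> list[tuple[str, str]]:
    """Links and form actions that resolve to anything other than a trusted host.

    A copied login page typically keeps relative links, so "Create a Steam
    account" and the password form both end up on the phishing host.
    """
    parser = _LinkCollector()
    parser.feed(page_html)
    hits = []
    for tag, target in parser.links:
        absolute = urljoin(page_url, target)
        if check_login_url(absolute):
            hits.append((tag, absolute))
    return hits


# Constructed sample pages (not captured from any real site).
PHISHING_SAMPLE_HTML = """
<form action="/login" method="post">
  <input name="username"><input name="password" type="password">
</form>
<a href="/join">Create a Steam account</a>
"""

GENUINE_SAMPLE_HTML = """
<form action="https://steamcommunity.com/login/dologin/" method="post"></form>
<a href="https://store.steampowered.com/join/">Create a Steam account</a>
"""

if __name__ == "__main__":
    for url in ("https://steamcommunity.com/login/home/",
                "about:blank",
                "http://steamcommunity.com.free-gta-example.test/login"):
        print(url, "->", check_login_url(url) or "ok")
    print(suspicious_targets(PHISHING_SAMPLE_HTML, "https://steamcomunity-login.test/login"))
```

The point of `suspicious_targets` is the second thing Nao noticed: on a copied page the form and the secondary links stay relative, so they resolve to the attacker's host instead of Steam's. Checking where the form posts is the one test a user cannot see from the address bar alone.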

Pika! Pika!

  • Jr. Member
  • Posts: 56
  • Trades: 75
Re: My Steam account got stolen -- Warning for ALL Steam users
« Reply #9, on February 12th, 2019, 10:26 PM »Last edited on February 12th, 2019, 11:04 PM
I just got my account back. Sorry for the spam if you were in my friendslist.

Just to clarify: It seems various 7 - 15 day community bans got triggered in my case (which means that no trading / market functions are available). A new Steam Guard phone number triggers a 15 day community ban and removes all items up for sale back into your inventory. So in short, if your account is still stolen, you highly likely have not lost anything at all, just like me (except for time to resolve it and probably people in your friends list who did not want to receive the spam). It is however important to get that account locked and then the details of the ownership submitted, as otherwise those items and anything else of value can be stolen in 15 days' time. Getting that account locked can be a bit tricky as Steam will not consistently provide the same options. Initially Steam was demanding that I log in to lock my account, which was rather impossible when I had no control over my account. Only later on did Steam notice many logins on my account, and then I got the ability to lock down the account completely and generate a Steam unlock code (which I actually did not have to use, but best to still write that code down properly).

Another clarification: I did have 2FA, but I entered those details at the scam website and with it, the attacker was able to change the phone number and email attached to my account in less than a minute.

AJ

  • Newbie
  • Posts: 21
  • Trades: 6
Re: My Steam account got stolen -- Warning for ALL Steam users
« Reply #10, on February 12th, 2019, 11:59 PM »
Quote from Pika! Pika! on February 12th, 2019, 10:26 PM
...I entered those details at the scam website and with it, the attacker was able to change the phone number and email attached to my account in less than a minute.
First, thank you for reporting the newest situation to the public and congratulation on your account recovery.

So, what you mean is, within a minute, the Steam Guard code that you provided is the same and the attackers can use it to replace the phone number and email attached to the account with their own ones and then cancel the Steam Guard by their phone number or email rather than using the Steam Guard on the original account owner's cellphone?

Pika! Pika!

  • Jr. Member
  • Posts: 56
  • Trades: 75
Re: My Steam account got stolen -- Warning for ALL Steam users
« Reply #11, on February 13th, 2019, 12:18 AM »Last edited on February 13th, 2019, 12:59 AM
Quote from AJ on February 12th, 2019, 11:59 PM
Quote from Pika! Pika! on February 12th, 2019, 10:26 PM
...I entered those details at the scam website and with it, the attacker was able to change the phone number and email attached to my account in less than a minute.
First, thank you for reporting the newest situation to the public and congratulation on your account recovery.

So, what you mean is, within a minute, the Steam Guard code that you provided is the same and the attackers can use it to replace the phone number and email attached to the account with their own ones and then cancel the Steam Guard by their phone number or email rather than using the Steam Guard on the original account owner's cellphone?
Yes, they use that Steam Guard code against you...the entire process is automated. They first remove the Steam Guard, then they remove the phone number associated with one's account and then they change the email associated with one's account, so then one is basically shut out of one's own account, and all in less than one minute. Luckily Steam sends a few emails to notify you about the changes and one of them allows for account recovery options, but as previously stated the account recovery options unfortunately do not provide an immediate emergency account lock.....at least in my case (or maybe I was not focused properly on getting that done as quickly as possible). All in all I think the Steam layout can be improved, so that the emergency account lock immediately pops up. Then again, the lock is not all that urgent in itself as the changes should trigger a community ban which keeps one's items safe for 15 days.....the issue in this case is that it would help if links cannot be sent to friends for, let's say, three days in case an email or phone number recently changed. In regards to that community ban it was a bit strange though, as it was first activated and then it seemed that it was removed a while later and then I think I had to reactivate it again.....maybe it was a display error, but it felt a bit like a battle for control of the account between me and the hijacker.....not sure how that community ban could have been temporarily deactivated....it probably was a display error as nothing was removed from my account.

I think after 2 - 3 hours the hijacked account also started sending out the scammy link to others and thereby propagate it to others. Took me about 3 hours before I was finally able to lock my account, so by then the hijacked account had already sent out two spam messages.

Akylen

  • Full Member
  • Posts: 218
  • Trades: 61
Re: My Steam account got stolen -- Warning for ALL Steam users
« Reply #12, on February 13th, 2019, 01:17 AM »
Sounds frustrating as hell. Thanks for letting us know the outcome. If they did that even with 2FA, that's super alarming. Glad you got your account back without prejudice though.
Have you notified Steam to improve their security practices regarding 2FA? And it's like you said, the lock should be immediately available from your old email.


Just so I understand, did you have to create a new account to communicate with steam support or did you go through all of that using links in your email?

Pika! Pika!

  • Jr. Member
  • Posts: 56
  • Trades: 75
Re: My Steam account got stolen -- Warning for ALL Steam users
« Reply #13, on February 13th, 2019, 01:40 AM »
Quote from Akylen on February 13th, 2019, 01:17 AM
Sounds frustrating as hell. Thanks for letting us know the outcome. If they did that even with 2FA, that's super alarming. Glad you got your account back without prejudice though.
Have you notified Steam to improve their security practices regarding 2FA? And it's like you said, the lock should be immediately available from your old email.


Just so I understand, did you have to create a new account to communicate with steam support or did you go through all of that using links in your email?
The thing with 2FA was that I entered those details at that website.....sometimes the cookies need to be updated or something like that, but handing over that info on that website was enough to gain access to everything. So in that sense it is like Nao says best to never enter the actual 2FA details on any site that is not 100% trusted.

I did not have to create a new account. I got three emails. One that my Steam Guard was removed. One that my phone number connected to Steam was removed. The third one indicated that my email address was changed. This last one has a link to regain account ownership. It requires details of Paypal or bank payments involving Steam purchases and a Steam key that was activated on your account.....the more information provided....the faster they are able to help I think. So in my case I fairly quickly was able to send this ownership matter to Steam......about 25 minutes after I lost my account. At that point I did not know that completely locking down an account was an option, so that happened about three hours later from the moment of the hijack. It does seem that locking down an account still does not lock everything. I notice some other victims of this are still spamming messages, even though they have locked down their accounts. At least locking down the accounts should provide greater certainty that no items will be missing even if Steam happens to take longer than 15 days to resolve this matter (although they seem to be working very hard to solve this in 1-2 days per case).

AJ

  • Newbie
  • Posts: 21
  • Trades: 6
Re: My Steam account got stolen -- Warning for ALL Steam users
« Reply #14, on February 13th, 2019, 02:18 AM »
Quote from Pika! Pika! on February 13th, 2019, 12:18 AM
Yes, they use that Steam guard code against you...the entire process is automated. They first remove the Steam Guard, then they remove the phone number associated to one's account and then they change the email associated to one's account, ... in less than one minute. ...
As for before being hijacked, I think the key is how Steam Guard grants access for any action on the account.

There are mainly two methods. One is, like what Steam is using, to provide an access code which is valid within a minute, so the attackers can use the code to do what they want within that one minute.

The other one is, like Microsoft does, there is no code; the account owner has to press "grant it" every time there is an action that needs to be confirmed in the app.

As for removing the Steam Guard, I think the order of the process is, since the attackers apparently can't remove the Steam Guard from the app, they have to change the e-mail or cellphone number first and then remove the Steam Guard through e-mail or a message to the phone.
So, within one minute, they use the Steam Guard code we gave them to grant the actions of replacing the e-mail and cellphone number with their own, and then BANG!!!  We know the rest of the story.
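The distinction AJ draws above, a time-limited code that works for whoever submits it versus an approval tied to one specific action, is easy to show in code. The following is an added example and not code from the original post or from Valve: it implements the generic RFC 6238 / RFC 4226 time-based code (30-second step, 6 digits, HMAC-SHA1, with the usual one-step tolerance on the server), shows that a code typed into a fake login page still verifies when the attacker relays it a few seconds later, and contrasts that with an approval tag that covers a named action. Steam Guard's real code format and parameters are not reproduced here; the step size, tolerance and the secret are assumptions for the demonstration.

```python
import hashlib
import hmac
import struct

STEP = 30        # seconds per time step (RFC 6238 default; assumption, not Steam's exact setting)
DIGITS = 6       # code length (RFC 6238 default)
TOLERANCE = 1    # how many steps either side the server still accepts (assumption)
SECRET = b"constructed-demo-seed"   # constructed; never a real account's seed


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % (10 ** digits):0{digits}d}"


def totp(secret: bytes, now: int) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from wall-clock time."""
    return hotp(secret, now // STEP)


def totp_verify(secret: bytes, code: str, now: int, tolerance: int = TOLERANCE) -> bool:
    """Server side: accept the code for the current step and `tolerance` steps around it."""
    step = now // STEP
    return any(hmac.compare_digest(hotp(secret, step + d), code)
               for d in range(-tolerance, tolerance + 1))


def relay_attack(secret: bytes, phish_time: int, submit_time: int) -> bool:
    """Victim types the current code into the fake page at `phish_time`;
    the attacker submits the same code to the real site at `submit_time`.
    Returns True if the real site accepts it. The code carries nothing about
    who is submitting it or what they are about to do."""
    victim_code = totp(secret, phish_time)
    return totp_verify(secret, victim_code, submit_time)


# The alternative AJ describes: the app approves a specific action, so the
# approval is bound to that action (and to a server-chosen nonce) and cannot
# be spent on a different one. Modelled here as an HMAC tag over both.
def approve(secret: bytes, action: str, nonce: bytes) -> bytes:
    return hmac.new(secret, nonce + b"|" + action.encode(), hashlib.sha256).digest()


def verify_approval(secret: bytes, action: str, nonce: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(approve(secret, action, nonce), tag)


if __name__ == "__main__":
    t0 = 1_000_000
    print("relayed 25 s later :", relay_attack(SECRET, t0, t0 + 25))   # accepted
    print("relayed 65 s later :", relay_attack(SECRET, t0, t0 + 65))   # rejected
    nonce = b"server-challenge-1"
    tag = approve(SECRET, "login", nonce)
    print("approval reused for remove_phone:",
          verify_approval(SECRET, "remove_phone", nonce, tag))         # False
```

Within the tolerance window the real site has no way to tell the victim's browser from the attacker's script, which is why entering the code on the wrong page is equivalent to handing over the account. With an action-bound approval the victim would have been asked to approve "remove phone number", not just "log in".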