Steam Hacked by Ransomware :: Steam Discussions

All Discussions > Steam Forums > Steam Discussions > Topic Details

This topic has been locked

Fga Jan 17, 2024 @ 6:24pm

Steam Hacked by Ransomware

Congratulations to Steam, I had my computer hacked by ransomware and the hacker managed to steal my browser session using cookies before I could change my password. It was there that he sold around R$350 worth of items at the community market, items that each had a high value for the most part and were sold at a very low price, for example the cs2 fragmented web box, each worth R$23 and was sold at R$ 4. I got in touch and they can't do anything, great security you have, instead of asking for confirmation for low value items too, at least give me the amount back! It had items with sentimental value!

Explaining in detail before they say it wasn't ransomware:

I had my computer files encrypted, with an amount to be paid for the ransomware key, but together with the ransomware the hacker used a stealer, usually RedLine Stealer, which steals saved credentials, credit cards, cookies and installed browser sessions on the machine, through these cookies and sessions he managed to access the Steam website through the browser, and managed to sell my items that had a significant value at a very low price without asking for confirmation on my mobile authenticator, this is the fault and it is the subject of the discussion!

Last edited by Fga; Jan 17, 2024 @ 8:44pm

< >

Showing 1-15 of 46 comments

potato Jan 17, 2024 @ 6:25pm

it's steam's fault you got your account compromised?

Satoru Jan 17, 2024 @ 6:40pm

Steam can't trade items away without the authenticator. Even if your browser cookies get hijacked, they can't trade away items without your approval

Yzal Jan 17, 2024 @ 6:40pm

Woah buddy, that's a big case of PEBKAC you got there.

[N]ebsun Jan 17, 2024 @ 7:01pm

Congratulations to YOU, great security you have.
Protect your own computer, your lack of security is no one else's fault.

davidb11 Jan 17, 2024 @ 7:02pm

Uh. THat never happened.
Steam cannot be hijacked and turned into Ransomware.
You got hacked.

IFIYGD Jan 17, 2024 @ 7:19pm

You do know that is not how ransomware works, right?
Have you looked up even the most basic layman's definition of the word "ransomware"?

Please stop dropping scary words you've heard on the news to try to make excuses for your own lack of basic internet hygiene and basic security practices, which allowed your account to be hijacked. At least learn what a word means before you start throwing it around.

You weren't hacked, you did not have a ransomware attack. You were greedy and used a scam website that gave you a spoofed Steam login widget, that you willingly put your login info into because they promised you that you could make "big money" or something.

Your account in compromised, and you need to secure it asap, or the scammers will do the same thing to you again once you have enough inventory to make it worthwhile for them. And if you still haven't removed the API key they placed on your account, they'll keep doing it. And stop using those scam third party trading and "cash out" websites. If it sounds too good to be true- it generally is.

"Ransomware". Jeez, look up what it is and how it works, please.

Chika Ogiue Jan 17, 2024 @ 7:28pm

If Steam (Valve) were the victims of Ransomware, it would be Valve who'd lose data/account, etc., not you. Somewhere along the line you've given access to your machine and/or credentials to a third party. Steam only factors into it as being an item of interest, it was not the cause.

Also, if this were ransomware, you'd be locked out of your machine, not just Steam. The data on your machine would be encrypted and you'd be coerced into paying to decrypt it.

If you haven't done so already:

1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Last edited by Chika Ogiue; Jan 17, 2024 @ 7:34pm

Fga Jan 17, 2024 @ 7:49pm

Originally posted by Satoru:
Steam can't trade items away without the authenticator. Even if your browser cookies get hijacked, they can't trade away items without your approval

Yes, he cannot trade without the mobile authenticator, but he can sell expensive items below R$5 without needing confirmation from the authenticator

Fga Jan 17, 2024 @ 7:50pm

Originally posted by potato:
it's steam's fault you got your account compromised?

Yes, how is it possible for someone to sell a significant amount on the community market without having to confirm on the mobile authenticator

Fga Jan 17, 2024 @ 7:50pm

Originally posted by Nebsun:
Congratulations to YOU, great security you have.
Protect your own computer, your lack of security is no one else's fault.

Of course, if it had been me who executed the malware, it would have been my father! lol

#10

Fga Jan 17, 2024 @ 7:52pm

Originally posted by IFIYGD:
You do know that is not how ransomware works, right?
Have you looked up even the most basic layman's definition of the word "ransomware"?

Please stop dropping scary words you've heard on the news to try to make excuses for your own lack of basic internet hygiene and basic security practices, which allowed your account to be hijacked. At least learn what a word means before you start throwing it around.

You weren't hacked, you did not have a ransomware attack. You were greedy and used a scam website that gave you a spoofed Steam login widget, that you willingly put your login info into because they promised you that you could make "big money" or something.

Your account in compromised, and you need to secure it asap, or the scammers will do the same thing to you again once you have enough inventory to make it worthwhile for them. And if you still haven't removed the API key they placed on your account, they'll keep doing it. And stop using those scam third party trading and "cash out" websites. If it sounds too good to be true- it generally is.

"Ransomware". Jeez, look up what it is and how it works, please.

Along with the ransomware hackers place a stealer, usually RedLine Stealer, to steal browser passwords, cookies and sessions and also credit cards! Be informed, ransomware doesn't just encrypt files.

#11

Fga Jan 17, 2024 @ 7:54pm

Originally posted by IFIYGD:
You do know that is not how ransomware works, right?
Have you looked up even the most basic layman's definition of the word "ransomware"?

Please stop dropping scary words you've heard on the news to try to make excuses for your own lack of basic internet hygiene and basic security practices, which allowed your account to be hijacked. At least learn what a word means before you start throwing it around.

You weren't hacked, you did not have a ransomware attack. You were greedy and used a scam website that gave you a spoofed Steam login widget, that you willingly put your login info into because they promised you that you could make "big money" or something.

Your account in compromised, and you need to secure it asap, or the scammers will do the same thing to you again once you have enough inventory to make it worthwhile for them. And if you still haven't removed the API key they placed on your account, they'll keep doing it. And stop using those scam third party trading and "cash out" websites. If it sounds too good to be true- it generally is.

"Ransomware". Jeez, look up what it is and how it works, please.

I'm not a layman in the field, dear, I was hacked because I let an elderly person, my father, download something on my computer, I'm a DEV and I understand the subject!

#12

Fga Jan 17, 2024 @ 7:56pm

Originally posted by Chika Ogiue:
If Steam (Valve) were the victims of Ransomware, it would be Valve who'd lose data/account, etc., not you. Somewhere along the line you've given access to your machine and/or credentials to a third party. Steam only factors into it as being an item of interest, it was not the cause.

Also, if this were ransomware, you'd be locked out of your machine, not just Steam. The data on your machine would be encrypted and you'd be coerced into paying to decrypt it.

If you haven't done so already:

1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

There was ransomware on my machine, friend, I already recovered, formatted my SSDs and lost about 2TB of files, and I may be partly to blame for having my computer hacked, but Steam is to blame for letting expensive items be sold for a low price. Very low without having to confirm it in the app, don't you think?

#13

Fga Jan 17, 2024 @ 8:00pm

Originally posted by Lazy Dog:
Woah buddy, that's a big case of PEBKAC you got there.

It was never just my mistake, their system shows a vulnerability that is quite easy to resolve in theory, asking for confirmation on all sales on the community market or on items with high standard values to be sold for a very low price.

#14

Chika Ogiue Jan 17, 2024 @ 8:11pm

Originally posted by Fga:
but Steam is to blame for letting expensive items be sold for a low price. Very low without having to confirm it in the app, don't you think?

There has to be a happy medium between user convenience and security measures. Valve assumes that all Steam users are taking appropriate measures to safeguard their own accounts, and based on that, they allow items to be sold at low prices without the constant need of confirmation.

I do, however, think that perhaps Valve should provide additional options that users can set to require confirmation regardless of price.

But until such a time that a feature like that gets added (if at all), it is up to us to ensure that no one gains access to our accounts, and for us to accept the consequences if such access is gained because we slipped up with our own security measures.

#15

< >

Showing 1-15 of 46 comments

Per page: 1530 50

All Discussions > Steam Forums > Steam Discussions > Topic Details

Date Posted: Jan 17, 2024 @ 6:24pm

Posts: 46

Start a New Discussion

Discussions Rules and Guidelines

Report this post