Todas las discusiones > Foros de Steam > Steam Discussions > Detalles del tema
Este tema ha sido cerrado
Fga 17 ENE 2024 a las 6:24 p. m.
Steam Hacked by Ransomware
Congratulations to Steam, I had my computer hacked by ransomware and the hacker managed to steal my browser session using cookies before I could change my password. It was there that he sold around R$350 worth of items at the community market, items that each had a high value for the most part and were sold at a very low price, for example the cs2 fragmented web box, each worth R$23 and was sold at R$ 4. I got in touch and they can't do anything, great security you have, instead of asking for confirmation for low value items too, at least give me the amount back! It had items with sentimental value!

Explaining in detail before they say it wasn't ransomware:

I had my computer files encrypted, with an amount to be paid for the ransomware key, but together with the ransomware the hacker used a stealer, usually RedLine Stealer, which steals saved credentials, credit cards, cookies and installed browser sessions on the machine, through these cookies and sessions he managed to access the Steam website through the browser, and managed to sell my items that had a significant value at a very low price without asking for confirmation on my mobile authenticator, this is the fault and it is the subject of the discussion!
Última edición por Fga; 17 ENE 2024 a las 8:44 p. m.
< >
Mostrando 31-45 de 46 comentarios
IFIYGD 17 ENE 2024 a las 8:55 p. m. 
Publicado originalmente por Fga:
Publicado originalmente por IFIYGD:
But, but, but... they are a DEV and apparently DEVs know everything? I think that's what the OP keeps trying to convince people of?

Never, did I say that I am a DEV and I am not new to the subject “since I have been studying the area for a few years!” I even edited the discussion with more details now

Really? What's this, then?
Publicado originalmente por Fga:
I'm not a layman in the field, dear, I was hacked because I let an elderly person, my father, download something on my computer, I'm a DEV and I understand the subject!

The hole you are digging is too deep for any ladder to reach you already. Put down your shovel and stop digging, dear.
#31
Fga 17 ENE 2024 a las 8:55 p. m. 
Publicado originalmente por Leonardo Da Pinchi:
Publicado originalmente por Fga:

Never, did I say that I am a DEVand I am not new to the subject “since I have been studying the area for a few years!” I even edited the discussion with more details now


Publicado originalmente por Fga:

I'm not a layman in the field, dear, I was hacked because I let an elderly person, my father, download something on my computer, I'm a DEV and I understand the subject!
Your chatbot have an error there or...?

I never said that DEVs know everything or anything like that
#32
Leonardo Da Pinchi 17 ENE 2024 a las 8:56 p. m. 
Publicado originalmente por Fga:
Publicado originalmente por Leonardo Da Pinchi:



Your chatbot have an error there or...?

I never said that DEVs know everything or anything like that
Translation error then, right, carry on.
#33
Fga 17 ENE 2024 a las 8:58 p. m. 
Maybe my English is rude or poorly written because I use a translator in some parts, my language is not English, that text may have sounded egocentric, but I just said that "I know the subject because I'm a DEV"

Publicado originalmente por IFIYGD:
Publicado originalmente por Fga:

Never, did I say that I am a DEV and I am not new to the subject “since I have been studying the area for a few years!” I even edited the discussion with more details now

Really? What's this, then?
Publicado originalmente por Fga:
I'm not a layman in the field, dear, I was hacked because I let an elderly person, my father, download something on my computer, I'm a DEV and I understand the subject!

The hole you are digging is too deep for any ladder to reach you already. Put down your shovel and stop digging, dear.

Maybe my English is rude or poorly written because I use a translator in some parts, my language is not English, that text may have sounded egocentric, but I just said that "I know the subject because I am a DEV" and I know what ransomware is and what can he do '-'

And for example, it wasn't me who wrote aggressively saying if I knew the meaning of the words ransomware and stating that I didn't have one on my computer
Última edición por Fga; 17 ENE 2024 a las 9:00 p. m.
#34
Sasori Kigaru 17 ENE 2024 a las 9:18 p. m. 
I've since updated my old reply since you've updated your OP.

That said, hopefully ya learned a lesson here in regards to user security. Also, if I were you, I would just use the steam client rather than the browser especially for purchasing, additionally clear either ALL or only your steam related cookies. This way should you somehow download malware again, then those cookies can't be used against you.

The steam desktop client itself won't suffer those same cookie vulnerabilities browsers in general share since the only way to access the desktop client is logging into it with valid login information and authentication if auth (email or mobile) is enabled.
#35
Crashed 17 ENE 2024 a las 9:28 p. m. 
Publicado originalmente por potato:
it's steam's fault you got your account compromised?
Do you victim blame ransomware victims outside of Steam? What's so special about Steam where if one gets compromised it is their fault?
#36
Sasori Kigaru 17 ENE 2024 a las 9:35 p. m. 
Publicado originalmente por Crashed:
Publicado originalmente por potato:
it's steam's fault you got your account compromised?
Do you victim blame ransomware victims outside of Steam? What's so special about Steam where if one gets compromised it is their fault?

I mean, its still the users fault for getting the malware/ransomware in the first place. They don't get on your PC from nothing after all, you HAVE to download/initiate it yourself in some way. Could be suspicious links in an email, could be a suspicious text or a website you really shouldn't be browsing but it looks so legit. Maybe you even clicked on those weird ads on the sides of the websites out of curiosity.

All in all, its the user, whether its on steam OR other sites/platforms thats gets their PC infected.

Its never "I didn't do anything!"

So its best they learn WHAT they did and then hopefully never do it again to avoid it.
#37
Sleepy Yoshi 17 ENE 2024 a las 11:51 p. m. 
Account security is the user's responsibility. We all get that, but that's only part of what was brought up and the only real thing being addressed.

The other half of this does seem problematic, unless they've changed things massively in the last handful of years. Because in 2018 it was changed where you are suppose to receive a confirmation for all items that have a value over $1 and for all items being sold outside the median sales price for anything under $1.

I've not heard of it being changed from that. And a policy like that makes sense, because it helps protect those compromised as well as against accidental pricing errors. That part at least does need explanation beyond "its your responsibility".
Última edición por Sleepy Yoshi; 17 ENE 2024 a las 11:52 p. m.
#38
N3tRunn3r 18 ENE 2024 a las 12:47 a. m. 
If your "system" got infected by ransomware, why is it steams fault? It is YOUR fault by your faulty security done..

I dont even believe it was some ransomware but you have logged in into some fake phishing/scamming website.. just like every one else who play CS2/TF2 does. ust check the forums, it is filled daily with these complains and greedy stupidity.
#39
PaulKrawitz 18 ENE 2024 a las 1:20 a. m. 
Publicado originalmente por Fga:
Congratulations to Steam, I had my computer hacked by ransomware and the hacker managed to steal my browser session using cookies before I could change my password. It was there that he sold around R$350 worth of items at the community market, items that each had a high value for the most part and were sold at a very low price, for example the cs2 fragmented web box, each worth R$23 and was sold at R$ 4. I got in touch and they can't do anything, great security you have, instead of asking for confirmation for low value items too, at least give me the amount back! It had items with sentimental value!

Explaining in detail before they say it wasn't ransomware:

I had my computer files encrypted, with an amount to be paid for the ransomware key, but together with the ransomware the hacker used a stealer, usually RedLine Stealer, which steals saved credentials, credit cards, cookies and installed browser sessions on the machine, through these cookies and sessions he managed to access the Steam website through the browser, and managed to sell my items that had a significant value at a very low price without asking for confirmation on my mobile authenticator, this is the fault and it is the subject of the discussion!

Ever heard about Two-Step-Verification?

Probably not.

Otherwise your account, among other possible candidates, wouldn't have been compromised.

Little advice, always change your passwords across all sites at least once per month.

If you're too lazy to do that then use Two-Step-Verification either via mail, sms, or an app.
Última edición por PaulKrawitz; 18 ENE 2024 a las 1:22 a. m.
#40
Muppet among Puppets 18 ENE 2024 a las 1:24 a. m. 
Publicado originalmente por PaulKrawitz:
Publicado originalmente por Fga:
Congratulations to Steam, I had my computer hacked by ransomware and the hacker managed to steal my browser session using cookies before I could change my password. It was there that he sold around R$350 worth of items at the community market, items that each had a high value for the most part and were sold at a very low price, for example the cs2 fragmented web box, each worth R$23 and was sold at R$ 4. I got in touch and they can't do anything, great security you have, instead of asking for confirmation for low value items too, at least give me the amount back! It had items with sentimental value!

Explaining in detail before they say it wasn't ransomware:

I had my computer files encrypted, with an amount to be paid for the ransomware key, but together with the ransomware the hacker used a stealer, usually RedLine Stealer, which steals saved credentials, credit cards, cookies and installed browser sessions on the machine, through these cookies and sessions he managed to access the Steam website through the browser, and managed to sell my items that had a significant value at a very low price without asking for confirmation on my mobile authenticator, this is the fault and it is the subject of the discussion!

Ever heard about Two-Step-Verification?

Probably not.

Otherwise your account, among other possible candidates, wouldn't have been compromised.

Little advice, always change your passwords across all sites at least once per month.

If you're too lazy to do that then use Two-Step-Verification either via mail, sms, or an app.
2fa does not help against such a malware.
#41
PaulKrawitz 18 ENE 2024 a las 1:36 a. m. 
Publicado originalmente por Muppet among Puppets:
Publicado originalmente por PaulKrawitz:

Ever heard about Two-Step-Verification?

Probably not.

Otherwise your account, among other possible candidates, wouldn't have been compromised.

Little advice, always change your passwords across all sites at least once per month.

If you're too lazy to do that then use Two-Step-Verification either via mail, sms, or an app.
2fa does not help against such a malware.

How exactly does it operate to bypass the verification?
#42
Muppet among Puppets 18 ENE 2024 a las 1:41 a. m. 
Publicado originalmente por PaulKrawitz:
Publicado originalmente por Muppet among Puppets:
2fa does not help against such a malware.

How exactly does it operate to bypass the verification?
It could be keylogging or session stealing malware.
#43
PaulKrawitz 18 ENE 2024 a las 1:46 a. m. 
Publicado originalmente por Muppet among Puppets:
Publicado originalmente por PaulKrawitz:

How exactly does it operate to bypass the verification?
It could be keylogging or session stealing malware.

Both could be prevented by changing passwords on a regular basis, no?

Also, a proper security system and some common sense.
#44
Sasori Kigaru 18 ENE 2024 a las 1:52 a. m. 
Publicado originalmente por PaulKrawitz:
Publicado originalmente por Muppet among Puppets:
It could be keylogging or session stealing malware.

Both could be prevented by changing passwords on a regular basis, no?

Also, a proper security system and some common sense.

The keylogger will just obtain the new passwords as you change them and changing passwords won't help with session stealing.

The solution is better/safer internet usage habits which does include common sense but also includes learning from past mistakes.
#45
< >
Mostrando 31-45 de 46 comentarios
Por página: 1530 50

Todas las discusiones > Foros de Steam > Steam Discussions > Detalles del tema
Publicado el: 17 ENE 2024 a las 6:24 p. m.
Mensajes: 46
Comenzar una nueva discusión

Normas y directrices sobre discusión