Blitzz_ Jun 11, 2021 @ 9:07pm
Can someone do something about this 'mainfight' crap?
I have lost like 20 friends because I clicked on a mainfight link and it normally only does something when you log into your account. But here's the thing, I NEVER LOGGED INTO MY STEAM ACCOUNT ON MAINFIGHT. So now someone is hacking me and asking all of my friends to vote for team Quartz. So all of my friends say that they don't trust the link. So I have lost like 20 friends from this crap. Can someone take action here? I don't wanna lose any more friends to this.
Showing 1-11 of 11 comments
Fake Jun 11, 2021 @ 9:43pm 
Secure your account. You gave away your account credentials. Hijackers are using your account to hijack those on your friend list.
cSg|mc-Hotsauce Jun 11, 2021 @ 9:52pm 
ALL steps NOW!

Scan for malware. https://www.malwarebytes.com/

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the API key https://steamcommunity.com/dev/apikey

:qr:
Did you log into your Steam account on a "sign in through Steam" page?

The scam you're talking about sounds like one that uses a fake page that looks like a real "sign in through Steam" page. That fake page is used to make people think they're signing into their Steam account on the Steam site...except it's actually a fake browser window, complete with address bar and security symbol to look real.
cSg|mc-Hotsauce Jun 11, 2021 @ 10:09pm 
Clicking or tapping the link in the mobile app seems to automatically grab the login info. It was reported as an exploit 3 years ago.

:qr:
Originally posted by cSg|mc-Hotsauce:
Clicking or tapping the link in the mobile app seems to automatically grab the login info. It was reported as an exploit 3 years ago.

:qr:
OOF

Well I guess there is merit to the "don't even click on it" advice.

I was wondering whether there was some sort of password autofill going on, given that that's a very common browser feature these days that generally defaults to on...
Last edited by Quint the Alligator Snapper; Jun 11, 2021 @ 10:11pm
SaradMatthew007 Jun 11, 2021 @ 10:15pm 
Why would you click on a link without proper knowledge?
cSg|mc-Hotsauce Jun 11, 2021 @ 10:27pm 
Originally posted by Quint the Alligator Snapper:
Originally posted by cSg|mc-Hotsauce:
Clicking or tapping the link in the mobile app seems to automatically grab the login info. It was reported as an exploit 3 years ago.

:qr:
OOF

Well I guess there is merit to the "don't even click on it" advice.

I was wondering whether there was some sort of password autofill going on, given that that's a very common browser feature these days that generally defaults to on...

The fact that it also bypasses the nag screen letting you know you are leaving Steam is another issue.

But the exploit was out of scope for the bounty program because it was considered social engineering.

Hopefully the mobile app update, when it ever releases, will have this somehow patched. In ValveTime.

:qr:
Originally posted by cSg|mc-Hotsauce:
Clicking or tapping the link in the mobile app seems to automatically grab the login info. It was reported as an exploit 3 years ago.

:qr:
Really?
The added security app with Steam Guard and stuff? The two-factor app?
Leaks login details if you click a link, as if it wasn't 2FA?

For 3 years?


As I said, people with the app are targets, email auth was safer.
LowJack_VA1 Jun 12, 2021 @ 7:37am 
Originally posted by cSg|mc-Hotsauce:
Originally posted by Quint the Alligator Snapper:
OOF

Well I guess there is merit to the "don't even click on it" advice.

I was wondering whether there was some sort of password autofill going on, given that that's a very common browser feature these days that generally defaults to on...

The fact that it also bypasses the nag screen letting you know you are leaving Steam is another issue.

But the exploit was out of scope for the bounty program because it was considered social engineering.

Hopefully the mobile app update, when it ever releases, will have this somehow patched. In ValveTime.

:qr:
3 YEARS and Valve is just ignoring it. Valve just doesn't care about the mobile app, that's why I deleted my suggestion about the mobile app.
Even most people who say how safe all this is could get in that trap.
But surely after they get told about it, they will just add another "do this to keep the safety app safe",
don't click links.

So far we know "don't log in, don't agree to trades someone changed on your behalf unknowingly to you without indication, don't click links". Then you are safe with the auth app....... well, or without it to be honest.
Last edited by Muppet among Puppets; Jun 12, 2021 @ 7:56am
Originally posted by Muppet among Puppets:
Even most people who say how safe all this is could get in that trap.
And this is why I tell folks on the Steam forums to stop blaming victims and stop assuming that Valve is infallible.

Date Posted: Jun 11, 2021 @ 9:07pm
Posts: 11