Adding a friend doesn't get your account hijacked that not how it works ever.

How accounts are hijacked.
A) Logging into scam sites aka phishing.

There scammers that setup fake pages to look legit as possible, either the two methods such as fake url address which you can tell by actually comparing, and the JavaScript fake page on a website that shows real Steam url, but the window is tunnel via scammer server.

B) Sharing login information with others, or using same login information for everything.

There scammers will use same details you used that was leaked, or given by you, to try access emails, and other stuff to try get anything from you, the major problem is that if they get access to email they try do recovery process that one way of the issue can happen. Another is scammers will try to impersonate as whatever to try trick you into giving them anything they ask from you such as login details, money, or etc...

Sharing with others is another major issue, if you share with someone they could login to phishing site, or share it with someone without you knowing.

C) Virus is a big deal, if you download, and run/install sketchy things, even things from people you don't expect to get something to download randomly, or piracy, which scammer can keylog, record data, and more.


D) Logging on public devices, or devices not of your own.

As you never know if scammer affected the device, hence C) talked about.

引用自 cSg|mc-Hotsauce：

Then, show a source for the exploit no one has encountered by simply adding a friend.

...and it better not be due to clicking some random link.

:winterbunny2023:

My guess is phishers are now using fake friend invite URLs (those with the s.team url shortener) to lure people into signing in on faked Steam sites.

引用自 989：

These days it seems like accounts can get hacked multiple ways!

Always were, always will. Just like in real life there's multiple ways to con people and conmen keep rotating them over time.

The amount of account theft here is basically minimal (Even if you see here several threads on the subject there's tens of millions of people logging in daily without getting their accounts compormised) A pale shadow of what it was at its worst moment in regards account theft.

引用自 Tito Shivan：

引用自 cSg|mc-Hotsauce：

Then, show a source for the exploit no one has encountered by simply adding a friend.

...and it better not be due to clicking some random link.

:winterbunny2023:

My guess is phishers are now using fake friend invite URLs (those with the s.team url shortener) to lure people into signing in on faked Steam sites.

Like I said before; This happened over a decade ago, and NO links were involved. Once I realized what happened, they (the hacker/s) who I recently just added as a "friend" openly admitted to doing it, and bragged about it!

After removing them from my friends list, and changing everything, I wanted to find out how they did it... Eventually I found a YT video showing how easily it could be done just by being added as a "Friend".

No idea if this loophole still exists today; which is why I won't post the video, or explain how it was done!

引用自 989：

While browsing through different forums here; I've seeing multiple topics about [accounts being hacked, and money stolen]❗ After all these updates and unnecessary changes Valve/Steam has made, people are still getting hacked! 😢

I remember the 1st time my account got hacked over a decade ago... I found out through a YT video how it was done so easily. Just by adding a "friend". [No details on how for obvious reasons]. This is why I stopped accepting "Friend Requests" ever since then.

These days it seems like accounts can get hacked multiple ways! So what's the solution? 🤷🏻‍♀️ Educating people on what to look out for can be a start.

If as you claim Steam accounts are hacked please explain hown in 19+ years i have never lost access to my Steam account, and that includes before Steam Guard Email and Steam Guard Mobile existed.

The reality is accounts are PHISHED not hacked because the end user gave away all their account details. The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to the account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.

Note:

1) Only you and Steam Support know your account name until you give it away.

2) Steam passwords are hashed, not stored therefore only you can give it away.

3) They physically need to have your mobile for the code, or you need to enter the code.

引用自 989：

引用自 Tito Shivan：

My guess is phishers are now using fake friend invite URLs (those with the s.team url shortener) to lure people into signing in on faked Steam sites.

Like I said before; This happened over a decade ago, and NO links were involved. Once I realized what happened, they (the hacker/s) who I recently just added as a "friend" openly admitted to doing it, and bragged about it!

After removing them from my friends list, and changing everything, I wanted to find out how they did it... Eventually I found a YT video showing how easily it could be done just by being added as a "Friend".

No idea if this loophole still exists today; which is why I won't post the video, or explain how it was done!

Crying wolf and cant show proof of wolfs. Genius

引用自 989：

Apex has been hacked so many times I quit counting. And it surely will happen again. Hackers will always find a way...

Your thread topic is about Steam Accounts.

引用自 989：

引用自 Tito Shivan：

My guess is phishers are now using fake friend invite URLs (those with the s.team url shortener) to lure people into signing in on faked Steam sites.

Like I said before; This happened over a decade ago, and NO links were involved. Once I realized what happened, they (the hacker/s) who I recently just added as a "friend" openly admitted to doing it, and bragged about it!

After removing them from my friends list, and changing everything, I wanted to find out how they did it... Eventually I found a YT video showing how easily it could be done just by being added as a "Friend".

No idea if this loophole still exists today; which is why I won't post the video, or explain how it was done!

You can always talk to support if you're that sure such exploit exist, but the fact this doesn't work as you claim, or else everyone just being friends, or adding a friend would automatically be hijacked at alarming rate.

For all the years I been on here before the restrictions on friend invites, and after added changes, all the scammers do is invite, then send you a link to a phishing site, or impersonate to trick you.

Most popular is trade/gambling sites where you think they're legit, but end up logging via phishing site.


Sometimes when scammer see someone have mobile 2FA added on the account after getting access, they would try to trick the victim into trading items to a "friend" from their list, which there already API key on the victim account setup by the scammer, so when victim trade it redirects victim to scammer alt account that copy the "friend" display name, and picture. Another scare tactic in this is them doing impersonate where they change your display name, and info on your profile saying your ban, and try scare you to trade items, and send them money.

Again none of this is how you claim by just adding a friend, as only way someone can take your account is if you gave them access to your account.

引用自 Nx Machina：

引用自 989：

Apex has been hacked so many times I quit counting. And it surely will happen again. Hackers will always find a way...

Your thread topic is about Steam Accounts.

Read post #8 and #20.

引用自 989：

Read post #8 and #20.

I read them.

Your thread topic is about Steam accounts being hacked while you attempted to shift the goalposts with Apex Legends which was an RCE exploit. Zero to do with Steam.

Steam accounts are PHISHED because just like you they gave away all their account details.

Secondly i ask again as you skipped post #34.

If as you claim Steam accounts are hacked please explain how in 19+ years i have never lost access to my Steam account, and that includes before Steam Guard Email and Steam Guard Mobile existed.

Post #34 quoted below:

引用自 Nx Machina：

If as you claim Steam accounts are hacked please explain how in 19+ years i have never lost access to my Steam account, and that includes before Steam Guard Email and Steam Guard Mobile existed.

The reality is accounts are PHISHED not hacked because the end user gave away all their account details. The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to the account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.

Note:

1) Only you and Steam Support know your account name until you give it away.

2) Steam passwords are hashed, not stored therefore only you can give it away.

3) They physically need to have your mobile for the code, or you need to enter the code.

How close am i to GUESSING your account details?

Account name: FluffyBunny? BlackSun?

Password: Chuckleberry? Ddd6758?

Steam Guard Mobile Code? Oh! Wait it changes every 30 seconds.

引用自 989：

引用自 Nx Machina：

Your thread topic is about Steam Accounts.

Read post #8 and #20.

Look up "Remote Code Execute"

There problem with Apex game itself as the game had vulnerability due to RCE, but this had nothing to do with Steam side this was EA problem when you play apex you read exactly what I said, when you play apex. Hence has nothing to do with adding friends on Steam as you're claiming.

The RCE take control, injects, or collect things from victim device, hence not a steam side issue, user side issue that victim of RCE when played apex.

the population is on the rise...

steam send on wish list mail outs and game purchases...

why cant the send out spam awarenss emails each year with stats...

how many steam users needed account recovery.... and how can i avoid it..

引用自 ragefifty50：

the population is on the rise...

steam send on wish list mail outs and game purchases...

why cant the send out spam awarenss emails each year with stats...

how many steam users needed account recovery.... and how can i avoid it..

PSA are nice, but too many just ignores, or be ignorant thinking it can't happen to them.

Sometimes the best way to learn for some people is when it happens to them, otherwise not much can be done. Phishing always gonna be a factor, same with virus's, and people being to gullible falling for scams.

If only PSA actually worked scammers be out of the business lol.

引用自 Nx Machina：

引用自 989：

Read post #8 and #20.

I read them.

Your thread topic is about Steam accounts being hacked while you attempted to shift the goalposts with Apex Legends which was an RCE exploit. Zero to do with Steam.

If you read post #8 & #20 as you claim you did, and still don't understand, then I can't help you.

As for everything else you typed... Big corporations like Sony with "top security" features have been hacked multiple times since the PS3 days. Gaining access to PSN accounts among other things!

So what makes you think steam is more securer than them or Capital One?

引用自 Dr.Shadowds 🐉：

引用自 ragefifty50：

the population is on the rise...

steam send on wish list mail outs and game purchases...

why cant the send out spam awarenss emails each year with stats...

how many steam users needed account recovery.... and how can i avoid it..

PSA are nice, but too many just ignores, or be ignorant thinking it can't happen to them.

Sometimes the best way to learn for some people is when it happens to them, otherwise not much can be done. Phishing always gonna be a factor, same with virus's, and people being to gullible falling for scams.

If only PSA actually worked scammers be out of the business lol.

not much... is a bit different to nothing...

too many PSA sure... but i dont think i have ever gotten anything from steam
to warn me about the known scams that are going on...

are steam doing anything...

引用自 Dr.Shadowds 🐉：

Look up "Remote Code Execute"

There problem with Apex game itself as the game had vulnerability due to RCE, but this had nothing to do with Steam side this was EA problem when you play apex you read exactly what I said, when you play apex. Hence has nothing to do with adding friends on Steam as you're claiming.

As I said before, my incident with the "friend hack" happened over a decade ago. Long before Apex even existed. 2 different things, but both involve steam accounts being hacked.