This topic has been locked
Help577692 Feb 28, 2017 @ 12:36am
My account was somehow hacked even with mobile authenticator.
So as the title says, my account was somehow hacked. Email changed, and my account was removed from my phone number as well. I was even using steam guard with mobile authenticator. I thought I was safe. Crazy thing is, I was also hacked last October, but I wasn't using the mobile authenticator then and they hacked my email first. I have no idea how it happened, but it did. The "recent activity" tab in my email shows no suspicious activity like it did last time (activity from various countries, all steam related emails were deleted), to be safe I changed the email's password on a different computer. I am under the assumption my main computer is compromised so I am using a different system to resolve this. My main system will get reformatted.

That said, what do I do? Last October I made a steam support ticket and got it resolved in the same day. Now steam support tickets aren't even a thing for some reason. What I have done so far is just take the approach of saying I didn't have my email or password, from there I was able to send steam support a message where I described my situation. I am ready to give them proof of ownership upon their request, so I'm just waiting for the reply. Is this the right approach? All of my research just talks about making a ticket and getting it resolved, there is really no information on what to do about it now that tickets are no longer a thing.

Last bit of really strange information, when trying to find my old steam support account (the second account you would make a support ticket with) I just discovered that there was an inactive steam account created under my previous email I was using for my steam account before it was hacked the first time. I thought I made a mistake and had my steam account on that email and the hacker changed the account name, I changed this suspicious account's password during a password recovery, but it wasn't my account, it's just a random inactive account with nothing on it. I assume the original hacker created it for some reason in October during the first attack, it doesn't have a real name, just random letters. The first time this hacker (if it is the same person) changed some information on my account profile information, it was in an Eastern European language. Again, the newer email address I was using this time does not appear to be compromised in any way, so I'm stumped. No strange activity, all my steam related emails since my account was switched to that email are still there.

I've been a member of steam since early 2004, I really hope to get my account back. And I really wish steam didn't give hackers an incentive for this wide scale hacking in the first place, from my understanding most do it to steal trading items which can be sold for real money. I had none of that stuff. Credit card information was also not set to be remembered for future purchases. I just want to play singleplayer games from time to time in peace. I don't want to be a statistic and lose hundreds of dollars worth of games. Unless this hacker plans on keeping my account to play games from, he's gaining nothing from it.
Showing 16-30 of 33 comments
Muppet among Puppets Feb 28, 2017 @ 9:15am
Originally posted by Help577692:
It would appear as your computer.
One email is missing obviously
This log only shows the small town I live in.
That's expected with remote access using your computer
Help577692 Feb 28, 2017 @ 9:37am
Originally posted by Help577692:
This log only shows the small town I live in.
That's expected with remote access using your computer

Well, if that is the case, that's scary. I am pretty careful believe it or not. My biggest slip up was keeping my passwords in a word document. I went through my various accounts last night changing passwords on a different computer, it seems he wants nothing else. If he accessed my password file and got my recovery code, that same file had a lot more in it, including an origin account with no mobile authenticator, only has mass effect 3 on it but still an easy target. Also had paypal password, credit card account, facebook, youtube, ebay, amazon, etc. All of it. He only wants my steam account. He last logged into it nine hours ago and changed its name but that is it. Probably wanted to find tradeable items if I could guess. I wonder if it is the same guy from October. He changed my name and left messages in Croatian last time, this time it is Slovenian.

So that computer has never had any serious viruses that malwarebytes or the malwarebytes anti root kit detector have ever found, or superantispyware. I do regular checks. You think wireshark might detect strange activity?

I will continue to treat it as compromised and I am going to start backing things up for a reformat. Would turning a vpn on that system disrupt his communication with it by any chance in the meantime? Web cam is unplugged.
Muppet among Puppets Feb 28, 2017 @ 10:47am
Originally posted by Help577692:
You think wireshark might detect strange activity?
I see strange activity with bare eyes already by what you wrote
Help577692 Feb 28, 2017 @ 11:04am
Originally posted by Help577692:
You think wireshark might detect strange activity?
I see strange activity with bare eyes already by what you wrote

Well yea, but I was talking concrete data. I looked at it and I do not know what I am looking at. Right now I am working to reformat my computer. It is disconnected from the internet. I unplugged the ethernet cable. It is not going back on until it is reformatted.
Help577692 Mar 1, 2017 @ 8:22pm
Okay, I got my account back. Had to show some proof of ownership, it took a couple days but I have it back.
So I thought we could ponder this.

1. My email (yahoo) was using mobile confirmation, if they tried to access my email they would have to send a text to my phone number containing a code. Not the same as an authenticator, but that alone still should have been hard to bypass.

2. My steam account was using mobile authenticator, it was on my phone.

3. I had my passwords stored in a word document on my computer, this included my steam account password and recovery code, as well as my email password.

4. It was the same guy, he changed my profile name to a very similar name as was done in October after the first time I was hacked.

So, if he got remote access to my computer he could have accessed a lot of stuff, he only hijacked my steam account. I had a lot of account passwords on there, youtube, facebook, twitter, paypal, ebay, amazon, origin, and a credit card company account.
He hijacked nothing else but steam. If he had remote access and logged into those accounts, he could have learned some personal information (nothing devastating thankfully), and he could learn the last four digits of my visa and credit card. My paypal account was empty. I have since changed all of these passwords, everything is on paper, nothing is on a computer now.

I was thinking that maybe he hacked my phone, but it is probably the same guy (unless he just looked at previous names used and picked a similar one to throw me off), and steam guard was only put on my phone after the first hack. Before the first hack I had regular steam without the mobile authenticator, it was just email confirmation, and the first time my email was definitely hacked. I don't think it was the phone. I do wonder if malware could exist on an android device and steal steam guard information though.

So, again, if he accessed my computer remotely, he could have obtained my steam guard recovery code, and my steam password. If that is the case, then when trying to add a new device and using that recovery code, it sends a text code to my phone, I just tested it.

None of this explains how my email didn't have the emails from steam telling me there was a change though, how could he have possibly hacked into my email if it required a mobile confirmation?

That said, I am using a different email provider now, it has its own mobile authenticator like steam, not just text message authentication like yahoo.

Computer is totally reformatted, didn't do a windows restore or anything like that, I formatted the drive and put a clean copy of windows 10 on it. How worried should I be of the possibility it was one of those super sophisticated viruses that is capable of imbedding in the bios or firmware? Or could it have just been some sort of remote access?

All passwords (and recovery codes) are on paper. Steam has mobile authenticator with a new recovery code. It has a new email address with its own mobile authenticator and recovery code. My computer is reformatted. Everything is on paper. So what would it take for him to hack me again?

Muppet among Puppets Mar 1, 2017 @ 8:32pm
Your passwords and recovery codes were on computer.
Those things were needed.

Don't know how he could erase the email change email, but maybe he did it while you were logged in.

Save your computer, phone and accounts. Whatever it was, this is the way to go by the symptoms.

One file did it.
Last edited by Muppet among Puppets; Mar 1, 2017 @ 8:32pm
lilcoffeebean Mar 1, 2017 @ 9:22pm
It is hard to say, but one thing is for sure. When it comes to security Yahoo is well below the curve. They've been hacked twice that we know of and 1.5 billion (yes billion) accounts were compromised. Leaked passwords, security questions, and other personal details in who knows whose hands.

What's worse is that the most recent discovery of hacks, occurred almost 4 years ago. It took them four years to realize a breach occurred and last time I looked, they still did not know how it happened. Is their mobile account key difficult to bypass? Maybe, but their track record for security is abysmal to put it lightly.

It's not altogether helpful in figuring this issue out, but overall something worth thinking on.

Thinking back to the last time you were hacked though, was there enough information in your email and on your Steam account for them to go through support and prove ownership? That's the only possibility I can think of that would not require them to have access to your phone or email and something that may not generate an email to your yahoo address.
Last edited by lilcoffeebean; Mar 1, 2017 @ 9:23pm
Help577692 Mar 1, 2017 @ 10:29pm
Your passwords and recovery codes were on computer.
Those things were needed.

Don't know how he could erase the email change email, but maybe he did it while you were logged in.

Save your computer, phone and accounts. Whatever it was, this is the way to go by the symptoms.

One file did it.

If he was using a remote access tool, he had my password and recovery code, for sure. I stored that file on my desktop in a .txt file.
However though, I just tested it using this account, in order for me to use the recovery code and get into this account via steam guard and make a new authenticator with new code, it had to send me an SMS code. That's where I would think he would have hit a dead end. As for him deleting the email, if he had a remote access tool it would have been easy, I probably just left the tab on chrome still logged in, I can see myself doing that.
I just hope that the reformat was enough to get rid of the remote access tool.


Originally posted by lilcoffeebean:
It is hard to say, but one thing is for sure. When it comes to security Yahoo is well below the curve. They've been hacked twice that we know of and 1.5 billion (yes billion) accounts were compromised. Leaked passwords, security questions, and other personal details in who knows whose hands.

What's worse is that the most recent discovery of hacks, occurred almost 4 years ago. It took them four years to realize a breach occurred and last time I looked, they still did not know how it happened. Is their mobile account key difficult to bypass? Maybe, but their track record for security is abysmal to put it lightly.

It's not altogether helpful in figuring this issue out, but overall something worth thinking on.

Thinking back to the last time you were hacked though, was there enough information in your email and on your Steam account for them to go through support and prove ownership? That's the only possibility I can think of that would not require them to have access to your phone or email and something that may not generate an email to your yahoo address.

Yea, I've been reading about yahoo. I'm done with them. I'm going to try outlook now.
I know for sure my yahoo email was hacked months before last October, the activity log shows many different countries. Before the first hack I wasn't using mobile authorization on my yahoo email. Maybe my account login details were sold as part of a bulk of stolen login details to someone? I'm just thinking of possibilities. But it was hacked into and I didn't know it until my steam account was hacked later in October. The reason I feel sure the steam hacker was in my email was because all my steam related emails were conveniently deleted, I found out when I was looking for invoice numbers to prove my ownership of the steam account. The kicker though is that he could have hijacked that email and didn't, he let me keep my password for it. I promptly changed the password to that email, and within the same day steam support had my account back in my hands, where it later got hacked a couple days ago the second time.

What if your idea is right? What if there never was a remote access tool? I had that email linked to many different things, I made a lot of purchases and such. The things that meet the criteria for visa information according to steam are...
Name
Billing address
Last four digits on the card

So yea, those shouldn't have been hard to find. When you buy things doesn't it often give you a confirmation in your email telling you the last four digits of the card used? Full name and address would have been easy to acquire as well. So he might have just made his own ticket and disputed ownership, maybe even both times. That would explain why it took months after my email was hacked that he got my steam account, and why it took months again for him to get it back. Steam support staff probably didn't find it totally convincing, he probably kept making tickets until one of the steam support staff slipped up.
So how do I stop this from just happening again? I suppose I should get my visa card number changed for one, use a credit card instead of visa to purchase something, maybe use paypal to buy something on steam, buy a steam gift card and put something in my steam wallet with it, and activate a physical product key to my steam. The more proof of ownership I can use for another potential hack the better. I'd recommend this to everyone who reads this.

So I'd say those are the two most likely scenarios. Remote access tool, or he disputed ownership with stolen information from the original email hack.
Muppet among Puppets Mar 1, 2017 @ 10:47pm
Originally posted by Help577692:

If he was using a remote access tool, he had my password and recovery code, for sure. I stored that file on my desktop in a .txt file.
However though, I just tested it using this account, in order for me to use the recovery code and get into this account via steam guard and make a new authenticator with new code, it had to send me an SMS code. That's where I would think he would have hit a dead end.
Just saying, if he did it on your computer, removing the auth with code, with access to the account, isn't there a way to change the phone number as well?

Edit: That's what he could have done with access to your computer:
"Having backup SteamGuard codes ensures you can use them to remove your old phone number and register a new one."

That way no access to phone is necessary to completely log you out if the computer and account is remote accessed.

Could you test if creating those codes with steam client requires an sms?
Last edited by Muppet among Puppets; Mar 1, 2017 @ 10:48pm
Help577692 Mar 3, 2017 @ 3:46pm
Originally posted by Help577692:

If he was using a remote access tool, he had my password and recovery code, for sure. I stored that file on my desktop in a .txt file.
However though, I just tested it using this account, in order for me to use the recovery code and get into this account via steam guard and make a new authenticator with new code, it had to send me an SMS code. That's where I would think he would have hit a dead end.
Just saying, if he did it on your computer, removing the auth with code, with access to the account, isn't there a way to change the phone number as well?

Edit: That's what he could have done with access to your computer:
"Having backup SteamGuard codes ensures you can use them to remove your old phone number and register a new one."

That way no access to phone is necessary to completely log you out if the computer and account is remote accessed.

Could you test if creating those codes with steam client requires an sms?


Okay, I'm pretty sure I know how he did it, it all adds up, I'm about 90% sure. There probably never was a remote access tool, I still treat it as a possibility though and glad I reformatted.
What he did was simple, he disputed ownership.

First let's start back in October, I found out my yahoo email was hacked because my steam was hacked. When I looked through the email logs I saw it had activity from all around the world.
He also had linked my yahoo email to a backup email that was not mine. Probably hoped I wouldn't catch it. I'm not going to use the real name he kept using, I'm going to call him, "Toda", instead and use fake names. So the backup email I found linked to my yahoo I'm going to call "Todaroad@gmail.com". When I tried to recover my steam account I saw my email was changed, steam doesn't show you the full email, so it looked something like this, "T*******@g*****.com". So as you can see, same email. My profile name had been changed as well, let's say it was "TodaAndHill". All steam related emails were gone from my yahoo mail, all the confirmation numbers from years of purchases. No doubt he kept these. He also probably dug through my email to figure out the last four digits of my visa, full name, and address.

From here I created a new yahoo email, gave it two step verification, made a steam support account and linked it to the new email, made a ticket and gave steam proof of ownership to my steam account, within the same day I had my steam account back. It was linked to the new yahoo email. I enabled steam guard with the mobile authenticator on my phone. I thought I was safe because I didn't think it through.
He still had the last four digits of my visa, name, address, and he had years of invoice numbers. Eventually (a few days ago) my steam was hacked again, and he probably used that information as proof of ownership to do it. My profile name was changed again, let's say it was "TodaBoss".

That brings us to when I created this thread. From here I asked for advice here, made this steam account and went to steam support and created a ticket. I showed them enough proof of ownership, and within a couple days I had it back.

So what do I do from here? Will steam allow him to use that information still? He has invoice numbers, my name and address, and I can do nothing about that fact. What I did just do is unlink everything from yahoo, yahoo is dead to me now. All passwords and recovery codes are on paper. I just went to my bank and explained the situation, they deactivated my old card and gave me a new one. As soon as I got home I made a small purchase on steam with it. I will be keeping all invoice numbers on paper now. What I'm wondering is this, will he hit a roadblock now that he does not have the last four digits of my new card? I'm also going to use other credit cards in my name to make purchases, use paypal to buy something, and at some point buy a steam gift card.

As to your last question, when I did a test using this account, the recovery code does indeed work, but it wanted sms verification as well. Maybe there is a process to bypass this with steam support? I'm not sure. I'm not ruling out the remote access tool theory, I just think the other scenario makes more sense now that I have been thinking about it.

I hope others stumble into this. I'm not able to find anything online of their steam accounts being stolen this way, but if they get into your email, and your email contains the right information, what's to stop them from using it to dispute ownership? I wish steam would tell me how it was stolen, they were helpful in getting my account back quickly, but I'd really like something other than automated responses.
Last edited by Help577692; Mar 3, 2017 @ 3:47pm
Muppet among Puppets Mar 3, 2017 @ 7:35pm
You should let support know of this.
It's a serious problem.
Don't know why your 4 digits were kept in emails.

Ask them how you could be safe from this happening AGAIN with the situation of likely stolen former proofs of purchase from yahoo email that were used to gain access. (IF that actually was what happened).

Make it short and precise. Make it obvious what happened when! And what information was stolen from that yahoo email account.

Try to keep proofs that are older and unbreached.
jer Mar 3, 2017 @ 7:52pm
Keep your recovery code somewhere that is safe and not connected to any online access. Easiest thing to do is write it down on a physical note or remember it.
Last edited by jer; Mar 3, 2017 @ 7:52pm
Help577692 Mar 3, 2017 @ 9:12pm
You should let support know of this.
It's a serious problem.
Don't know why your 4 digits were kept in emails.

Ask them how you could be safe from this happening AGAIN with the situation of likely stolen former proofs of purchase from yahoo email that were used to gain access. (IF that actually was what happened).

Make it short and precise. Make it obvious what happened when! And what information was stolen from that yahoo email account.

Try to keep proofs that are older and unbreached.

I'll do that then. I'm going to use this account instead of my main one though when contacting them, wouldn't it suck if my main account was hijacked again in the middle of it all while my ticket was with that account? Hopefully they keep logs so they can see they transferred ownership of my main account over and over. I don't have very old purchase invoices unfortunately. The oldest invoice I have is late November. He has years of invoices before this and he deleted the emails so there is no getting them back. My new card has my name on it though, and he doesn't have those digits.
As to how he got my last four digits, I'm pretty sure some sites email you something like, "Thank you for making your purchase on such and such", followed by, "Visa ending in 0000", and an invoice number and name with billing address. Steam just says "visa" but I don't think all sites are that careful. If he didn't have the last four digits maybe all of those invoices, name, and address were enough.
As for possible remote access tool, I'm worried about putting my backups back on, what if he hid something in my pictures or word documents that will install itself? It's like a couple hundred gigs. All backed up on dvd right now, need to buy myself another hard drive for dedicated back up storage, or flash drives.

Originally posted by Engie Turtle:
Keep your recovery code somewhere that is safe and not connected to any online access. Easiest thing to do is write it down on a physical note or remember it.

Yea, I have it on paper now, all of my passwords as well.
Muppet among Puppets Mar 3, 2017 @ 9:18pm
Originally posted by Help577692:

I'll do that then. I'm going to use this account instead of my main one though when contacting them, wouldn't it suck if my main account was hijacked again in the middle of it all while my ticket was with that account? Hopefully they keep logs so they can see they transferred ownership of my main account over and over.
Stick to the ticket you made for that situation. Do NOT complicate this. Imagine you confuse the support and then they aren't sure they speak with the right one!

As you have a new credit card with your name, and made a purchase so they see it's valid, this should be your proof of purchase from now on. As this is probably the only thing the hijacker doesn't have.

You must keep the reply to the ticket obvious, simple and precise. You don't want to mess up the situation.
Help577692 Mar 3, 2017 @ 10:17pm
Originally posted by Help577692:

I'll do that then. I'm going to use this account instead of my main one though when contacting them, wouldn't it suck if my main account was hijacked again in the middle of it all while my ticket was with that account? Hopefully they keep logs so they can see they transferred ownership of my main account over and over.
Stick to the ticket you made for that situation. Do NOT complicate this. Imagine you confuse the support and then they aren't sure they speak with the right one!

As you have a new credit card with your name, and made a purchase so they see it's valid, this should be your proof of purchase from now on. As this is probably the only thing the hijacker doesn't have.

You must keep the reply to the ticket obvious, simple and precise. You don't want to mess up the situation.

That ticket is closed. I thought it was resolved. What if I made a new ticket and linked them to the closed one?


Date Posted: Feb 28, 2017 @ 12:36am
Posts: 33