Jai Jan 21, 2017 @ 5:24pm
Threatened by a hacker, need some advice.
So i play a game called Rust, which some of you readers might know of. I play with a group of players, and about 3 weeks ago we recruited this new guy, he seemed all cool until we played against him in practice, his shooting was extremely suspicious, someone called it out and he admitted to having no recoil hacks. We pretty much said "your out of the clan" because he didnt tell us. He still types to me, and has not been VACed from the game yet, he does have many EAC bans from servers however.

I was talking to this guy earlier, having a fairly friendly discussion but i dont really want to get involved in his business but what he said kind of got me worried http://prntscr.com/dyoub3

What he did type was not very threatening more challenging me to deny him what he wanted but this makes me shun the idea of removing him or something like that because i feel like making him mad may not be the best decision.

My problem is i dont know if i should take this seriously, i could just block all communications and have one less worry, but he for sure does have my IP, considering i have been in teamspeak with him many times and can connect to our TS whenever he wants because he is not banned from that. The problem is, even if he cannot attack my account he may be able to get my IP and do other things like DDoS or the likes.

Another thing that kind of put me on edge was he said "we" not "me" which makes me suspect he knows people who can do things as well. Any advice in a situation like this would be appreciated thanks.

Last edited by Jai; Jan 21, 2017 @ 5:27pm
< >
Showing 1-12 of 12 comments
The Giving One Jan 21, 2017 @ 5:27pm 
Accounts cannot really be "hacked". He is just chest thumping and trying to sound scary.

Accounts can be phished, but that requires failure on the user's end to allow that to happen.

Account Security Recommendations

https://support.steampowered.com/kb_article.php?ref=1266-OAFV-8478

If you suspect wrongdoing, you can report that user on the profile under the "more" drop menu.
Originally posted by ¯\_(ツ)_/¯ Dead Eagle:
He still types to me, and has not been VACed from the game yet, he does have many EAC bans from servers however.
VAC bans are delayed. They can be delayed for days/weeks, maybe even longer. The account may have already been flagged for a future VAC ban, if he is using identifiable cheats.
Last edited by The Giving One; Jan 21, 2017 @ 5:29pm
Mal Jan 21, 2017 @ 5:36pm 
your original account name/email is not exposed via steam api. hes just being a skid and trying to scare you. both these basically mean you can block him and move on with your life

also @giving one they can but only under certain conditions in which op does not fall under and many others, mobile auth also blocks people from doing much
Last edited by Mal; Jan 21, 2017 @ 5:36pm
The Giving One Jan 21, 2017 @ 5:38pm 
Originally posted by Zoofie (Card Farming):
also @giving one they can but only under certain conditions in which op does not fall under and many others, mobile auth also blocks people from doing much
Those other conditions require user involvement, as such that is not "hacking". But thanks for the reply and the suggestions.
Jai Jan 21, 2017 @ 5:39pm 
Appreciate the help, i'll just remove him from my friends list and move on i guess.
The Giving One Jan 21, 2017 @ 5:40pm 
Originally posted by ¯\_(ツ)_/¯ Dead Eagle:
Appreciate the help, i'll just remove him from my friends list and move on i guess.
Best thing to do to any bully is totally ignore them. Good luck to you in any case.
Mal Jan 21, 2017 @ 5:49pm 
Originally posted by The Giving One:
Originally posted by Zoofie (Card Farming):
also @giving one they can but only under certain conditions in which op does not fall under and many others, mobile auth also blocks people from doing much
Those other conditions require user involvement, as such that is not "hacking". But thanks for the reply and the suggestions.
completely wrong, but thanks for backing up the advice to the user to ignore and block him.
Mal Jan 21, 2017 @ 5:49pm 
Originally posted by ¯\_(ツ)_/¯ Dead Eagle:
Appreciate the help, i'll just remove him from my friends list and move on i guess.
take screenshots like you have already and make sure to use the report feature on their profile. they may receive a community removal or ban.
The Giving One Jan 21, 2017 @ 5:52pm 
Originally posted by Zoofie (Card Farming):
completely wrong, but thanks for backing up the advice to the user to ignore and block him.
If you have certifiable proof of a Steam account being hacked for real, feel free to post it please. Thanks.
I feel uncomfortable discussing this subject since I don't know where Valve draws the line. I just want to help and isn't encouraging anything bad.

I assume having Steam mobile authenticator on Android using your Google account doesn't make it so any other Android device which use the same login also get access to a functional Steam mobile authenticator. Or does it? I don't know.

Anyway. I don't know what e-mail provider you use but if it was say Gmail without two-factor authenticator and Steam was using that with no additional security features then knowing your password to your e-mail would be enough (though he won't know that one if you pick a good one so .. There's also the scenario that he could break into your machine logging your keypresses which would sort that one out but I don't know how likely that would be.)

However if you turn on two-factor authentication in Gmail and get an SMS with a code from them which you have to use to login into your e-mail then someone would have to spoof your phone / listen of the cellular network to be able to get such a code. I assume which wasn't all that hard to do using GSM so it's a possibility but it's more likely.

Now if you use the Steam mobile authenticator and if that can't be installed onto random Android device by owning your Google account (is logging in enough? I assume that require the mobile authenticator already? ..) then having access to your e-mail account wouldn't be enough. He'd also need to have access to your mobile phone (well, this is true for iOS devices too I guess) which won't be the case so as far as the non-human security features of the system chances are likely good that you don't have to worry much about his threats.

If you wanted to raise the security of your account then install the mobile authenticator if you haven't already, enable two-factor authentication on your e-mail if you can and even better change the e-mail you use for Steam to one which you don't normally use and which is only used for Steam so he can't figure out which one it is.

That's the technical aspect. However there's also the human one with password recovery for those who the account actually belong too. I don't know how Valve handles any requests for help with gaining access to ones account if one have used the mobile authenticator and then lost it but chances are that if he for instance had access to your payment details or some account with Steam keys you've activated and so on maybe he could trick himself to gain access regardless of the former. Maybe then Valve could help you out if that turned out to be the case but I think that's the larger risk than the technical solutions IF YOU USE THEM. I do recommend you to use them.
As said part of the problem is the human though. Like for instance say someone was an agent or political activist or what not and had their stuff encrypted. Maybe then the technical solution as long as the human wasn't involved was strong but say that person got a life-threat onto them unless they granted access. How would that affect things?
So I can't answer for how HUMANS would react. Also the technical solutions may not be perfect and I don't even know how they work in details (as for instance whatever the Steam authenticator could easily get installed on multiple devices) so I'm not really qualified to give good answers and the best would likely be that you contacted Valve about it and then they could help you and maybe even in the best of words flag your account so they are more protective of it or investigate into how he have behaved.

He could possibly still cause havoc against you with DDoS attacks or whatever social/online behavior even though your Steam account would be pretty safe.

Personally I don't think he will be fun to have on your friends list and I guess I would just remove and block him.

But yeah, if you haven't have a good e-mail password already, haven't enabled two-factor authentication even if you can on your e-mail and on Steam maybe now is a good time to do so? :)

If you have bought game-keys on some webpages using the same e-mail address then improving your e-mail safety will help protect you there too but maybe you should also change the passwords to something better on those sites? As said I guess using a special e-mail address which they (others) won't know about could provide some extra security by obscurity too :)

Keeping your browser up to date, if not paying for anti-virus maybe running something like Avast! or so, maybe disable Flash (and PDF-plugins?) and not follow any suspecious links could help in protecting your PC. I don't know what games you play but if you played the games in say Linux you'd likely gain some more security by obscurity there too, though I guess many of these online threats may be multiplatform even if Windows may be the more obvious target. So it's not necessarily "safe" there either.
It's just the same there with the human aspect. Even if Microsoft had their own store and used signed executables and asked you if you really trusted the software provider and so on as long as you were willing to also fetch and run software from under places and let it run with whatever rights it won't protect you. The thing is though that we are social beings and we kinda have to trust each other at-least to some degree / society works like that and it's much easier to act together if we do trust each other / can trust each other / trust is grnating us benefits.

I'm sorry you had to deal with this person :/.
I hope I could be to some help and ease your worries a bit and give you some suggestions :)
Best of luck! :)

(Edit: As for you changing IP doesn't know as long as he know the current one, in regard of DDoS I don't really know what protections there is but I assume the solution when you're overwhelmed is to contact those who route the traffic onto you and ask them to block the traffic, maybe your ISP or in the case of VPN provider or so would do that when they noticed the problem, maybe the response is automized. I don't know. I assume chances are one may just have to live with it (for then) though. It's not so simple as just being aware it's happening at-least. Compare it with a physical mailbox, if you got post it will simply come even if you are aware of it. What you need to do is to tell the mailman to stop deliver it, and then the post-office may want to stop it from reaching them and so on.
(Another pretty funny thing when it comes to the security solutions is like when they have implemented authentication by a camera to check the face of the user because we all look different and then someone can beat that by simply showing a photo .. The better systems likely can figure out it's a photo but you get the idea for what may be the problem, same with finger-print scanners and molds of fingerprints. Isn't there some movie where someone use the actual eyeball? ..))
Last edited by Aliquis Freedom & Ethnopluralism; Jan 21, 2017 @ 6:55pm
Rule of thumb:
If someone begins to say things like "we have your ip, then we guess your account name and then try the password",
its funny. Nothing else.
Mal Jan 21, 2017 @ 7:29pm 
Originally posted by Muppet among Puppets:
Rule of thumb:
If someone begins to say things like "we have your ip, then we guess your account name and then try the password",
its funny. Nothing else.
its more sad then funny. i see skids threatening people alot of the time and they dont realise it takes alot of effort to get anywhere and alot of information thats not always publically available. what makes me laugh the most is when they say they have a friend in support or they have an automated hacking tool XD
Originally posted by Zoofie (Card Farming):
Originally posted by Muppet among Puppets:
Rule of thumb:
If someone begins to say things like "we have your ip, then we guess your account name and then try the password",
its funny. Nothing else.
its more sad then funny
Funny in the meaning of laughable
< >
Showing 1-12 of 12 comments
Per page: 1530 50

Date Posted: Jan 21, 2017 @ 5:24pm
Posts: 12