https://steamcommunity.com/sharedfiles/filedetails/?id=1126288560
Because the narrative of a "hacker" who simply steals your login data is ... unfortunately only a sometimes well-told story. But nothing more.
The guide above should answer all his questions.
1: Hijacking like this is common enough that we see threads exactly like this every day, and they all have the exact same cause. Every. Single. One.
2: If someone were to hack Valve's servers (which is an extraordinary feat I don't think you understand, by the way), why the hell would they decide to go after your friend's account in specific instead of, I dunno, all that juicy payment and user data which is worth actual money and is actually worth their time and effort?
Let me explain how these things work.
Phishing is a crazy easy way to get control of people's accounts because you're relying on the weakest link in account security: The user themselves. It basically boils down to just asking the user to provide information they need by just telling you that they are someone they are not. Watch this video for more info on that: https://www.youtube.com/watch?v=BnmneAjVrM4
So, now that you know what Phishing is, let's talk about how this happens on Steam. There are a few common ways this happens. The most common methods involve asking you to log into a third party website through your Steam account. But, they ask you to give *them* your login information, rather than using Steam's system which redirects you to Steam for this. Some of these sites will generate a fake popup window that is designed to look like Steam's login window and they will try and get your credentials that way. Others will redirect you to a similar sounding domain which also mimics Steam's website. Still others will simply display a small image they made which claims to be some sort of evidence that they are in fact legitimate or authorized by Steam and here is a cheap .jpg anyone could create, copy, and display anywhere to prove the legitimacy.
What sort of sites do this? Very often, we see this happen from trading or gambling sites. These sorts of sites usually look to hijack your account in a way to steal your items, as after you give them access they establish a web API so they can have a bot initiate trades to their own throwaway bot accounts to replace the trades you try and make with your friends. Sometimes this will accompany claims that your account is about to be banned and you have a limited time to send all your items away. Another common site that does this is the "vote for my team" scam, where you get approached by someone who tries to get you to vote for their team in some game or tournament or something. The site will give you fake login info, and then you'll lose access to the account when you enter the details. Usually these sites are trying to make money on your account by selling access to the account to people. Whoever buys access to the account could play any game in the library they like, and can even use whatever cheats they like since hey, not their account so what do they care if you get VAC banned?
So, no. Nobody sat down in a coffee shop wearing a hoodie and sunglasses while they type on their laptop until they pull out a flip phone, call someone, and say "I'm in". That only happens in movies.
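The similar-sounding-domain trick described in the post above can be checked mechanically before any credentials are typed. The following is an added example, not part of the original thread or of Steam's code; the function names, the edit-distance threshold of 2 and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Registrable domains Steam serves its sign-in pages from.
OFFICIAL = ("steamcommunity.com", "steampowered.com")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_login_url(url):
    """Return 'official', 'lookalike' or 'unrelated' for a sign-in link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme == "https" and any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # "https://steamcommunity.com@other.example/" hides the real host after the "@".
    userinfo = (parts.username or "").lower()
    # Approximation (assumption): the last two labels are the registrable domain.
    tail = ".".join(host.split(".")[-2:])
    for d in OFFICIAL:
        if d in host or d in userinfo or edit_distance(tail, d) <= 2:
            return "lookalike"
    return "unrelated"

# Constructed sample links (the non-Steam hosts are made up for this example).
SAMPLES = [
    "https://steamcommunity.com/openid/login",
    "https://steamcommunlty.com/login",
    "https://steamcommunity.com.trade-offers.example/login",
    "https://steamcommunity.com@login.example/",
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_login_url(link):10} {link}")
```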
When I sent the Facebook guy video (I recorded my screen for 8 hours that day before and during the hack) they actually uncovered a huge vulnerability that has to do with overloading the reset code Facebook sent me.
This is how it worked: I would request a new password from Facebook or request an email change. Now here is the vulnerability: the hacker also receives an alert that ‘someone is trying to change your password’.
IMMEDIATELY as the hacker receives this mail he pings Facebook with hundreds of WRONG codes in milliseconds. Now what happens when I enter my code? ‘You tried too many times, try again in 24h’
This is EXACTLY the same scenario here only the text is ‘re-captcha error’
So basically the hack works like this - hacker will go into your account and change email to his. This is so that his email receives a notification when account info is being changed. As soon as you try to enter your reset code, he has already automatically flooded the reset page with hundreds of random codes in milliseconds causing your attempt to fail. Here it seems like the hacker is intentionally failing the captcha = making it 100% impossible to regain your account without contacting support. You can’t beat it once they are in, which is why this particular hack reminds me so much of my hacked Facebook. The Facebook guy I showed the video to was stunned that no one caught it earlier but guess what? All these websites refer to help pages where you can’t find and solve NEW hacks.
When support reaches you to manually give you the account it’s already too late. Your CS:GO skins are already cashed out into their PayPal and they transfer and buy gifts to themselves that are immediately exchanged to Dollars.
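The lockout the post above describes depends on wrong reset codes being counted against the account as a whole. As an added example (not from the thread, and not Facebook's or Steam's code; the class names, the five-attempt budget and the six-digit code are assumptions), here is that per-account counter beside a design that counts attempts per issued challenge:

```python
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed attempt budget

def new_code():
    return f"{secrets.randbelow(10**6):06d}"

class PerAccountLockout:
    """Design the post describes: one failure counter shared by the whole account."""
    def __init__(self):
        self.codes, self.failures = {}, {}

    def request_reset(self, account):
        self.codes[account] = new_code()
        return self.codes[account]  # stands in for the e-mailed code

    def submit(self, account, code):
        if self.failures.get(account, 0) >= MAX_ATTEMPTS:
            return "locked"  # anyone's wrong guesses lock out everyone
        if account in self.codes and hmac.compare_digest(self.codes[account], code):
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        return "wrong"

class PerChallengeLockout:
    """Hardened: each request gets an unguessable challenge id with its own budget."""
    def __init__(self):
        self.challenges = {}  # challenge id -> [account, code, failures]

    def request_reset(self, account):
        cid = secrets.token_urlsafe(16)  # handed only to the requesting session
        self.challenges[cid] = [account, new_code(), 0]
        return cid, self.challenges[cid][1]

    def submit(self, cid, code):
        ch = self.challenges.get(cid)
        if ch is None or ch[2] >= MAX_ATTEMPTS:
            return "rejected"  # unknown or exhausted challenge; others unaffected
        if hmac.compare_digest(ch[1], code):
            del self.challenges[cid]  # codes are single use
            return "ok"
        ch[2] += 1
        return "wrong"
```

After five wrong submissions from another session, the owner's correct code returns "locked" in the first design and "ok" in the second, because the other session never holds the owner's challenge id.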