Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Did you make sure it was your real friend that sent the message (they could have already been compromised and it was the hijacker that messaged you)
but he just needed a file from steam to repair something. Not from soneone else.
So this doesnt make sense. And looks very suspicious.
What was the path in the steam folder of that file?
\Steam\config
-
I suggest to be carefull in the future to not give anything away anymore, nothing. Could be a follow up that in combination would do more than the single thing it appears to be.
And not trust emails even if they contain account name.
There is nothing in config.vdf that would help with the issue described. Config.vdf contains the following potentially sensitive information:
- The filename and location of the sentry files for all Steam accounts used on your client
- The account names for all accounts used on your client
- The decryption keys for the installers of every game you've ever downloaded (I can't believe these are plaintext, even on a local file)
- And a number of other sundry configuration keys
The first two could be used in the future as an attempt to scam you, via appearing like someone communicating with you has private information about your account and PC (technically, now, they do). The third can be used to decrypt Steam game installers. The fourth includes a ton of normally innocuous fields, but could give a scammer an edge in acting like they know about your account and PC.Going forward, be extra wary of anybody contacting you via Steam, Discord, or any method other than via Steam Support's ticket system; Valve will never contact you outside of official e-mails and the ticket system, and you should even be extra sure of any e-mails as now scammers can tailor extra-realistic fakes for you and e-mail addresses aren't exactly private. There's nothing in the file (aside from the decryption keys) that they can actively use against you, but they CAN try to appear extra legit in future scam attempts and they CAN use your account name to login-bomb you (keep attempting to log in to try to lock you out of login attempts).
Never give away a Steam .vdf file.
I myself was surprised to see decryption keys in that file, but I mean those files are supposed to be not touched. Yeah, valve could care a bit more, but if you don’t ♥♥♥♥ around, you don’t find out.