My 13 year old son's account hacked - Email compromised.
My son told me yesterday someone hacked his Outlook and changed the password, changed his Steam password along with all of his other accounts etc. They left a draft pinned and flagged to his email account with a big long list of demands etc. A small part of it is below.

--------------------------------------------------------------------------------------------------------------------------------
Hey, kieron ****
What happened here?
About a few months ago, I gained access to your devices and started tracking your online activity.
I was able to hack into your computer and access your email: kieron*********@outlook.com. Your password was easily compromised.

Your password: B**********

What's next?
After a week, I had already installed a Remote Access Trojan (RAT) [Learn more about this] in all your devices.
In fact, it was not difficult at all (since you were clicking on malicious links from incoming emails).
-------------------------------------------------------------------------------------------------------------------------------

It goes on saying he has naked pictures etc of my 13 year old son and demands $500 in bitcoin. Knowing a bit about security myself, I got access to his Outlook account, changed the password, logged out all known devices (from my own PC), set up 2 factor auth and formatted and reinstalled Windows on his PC.

After contacting Steam and getting a password reset etc I managed to recover his account, change his password and everything was fine. Today when he came home from school to play on his Steam account he noticed he had been logged out again. We tried to reset his password but the email address is now not linked to a Steam account. I tried to create a ticket to get the account back but there is currently a ticket already open under his email (when I reset it yesterday) so I can't even do that.

I am totally out of ideas on what to do as he plays with all of his school friends etc every day on Steam.

I am really sorry for the long message but please can someone recommend what I can do from here. I can't afford to just make a new one and buy all of the games back.
OGE Apr 11 @ 9:43am 
1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
nufc Apr 11 @ 9:51am 
Originally posted by OGE:
https://steamcommunity.com/sharedfiles/filedetails/?id=1126288560

Thanks for the reply but somehow even after deauthorizing all devices via Outlook, changing the password etc the hacker has deleted every single email received from Steam and also removed them from the deleted messages folder so I can't recover them :(
Recover the account once again like before and in the meantime try and find out where he went wrong again.
nufc Apr 11 @ 10:05am 
Originally posted by J4MESOX4D:
Recover the account once again like before and in the meantime try and find out where he went wrong again.

It won't let me recover it as there is already an open ticket connected to his email address (this open ticket was created yesterday when he lost his account). The hacker has deleted the ticket from his emails so we can't close the ticket to create a new one.

To be honest I have no clue how the hacker could have taken his account again as I fully wiped his gaming PC back to factory settings and changed any passwords etc with my home PC that I know is not infected.
You must be logged out of all accounts to start the account recovery process.

You don't need access to the email, phone or password currently tied to the hijacked/hacked account for this to work. Just pick the "I do not have access..." or a similar option when asked.

And to help you sign-in: https://help.steampowered.com/en/wizard/HelpWithLogin

A step by step guide to the recovery process:
https://steamcommunity.com/sharedfiles/filedetails/?id=1126288560


https://help.steampowered.com/en/wizard/HelpWithAccount



Accounts are phished not hacked.

You gave away all your account details.

The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to the account.

How? By either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access to your account.
Might be good for your son to learn about cyber security in a class. They have free ones usually at government institutions like a library where you and your son can learn about safety on the internet. This will be a good bonding experience with your son, and also a good way to learn to keep your accounts on the internet safe.
miamew3 Apr 11 @ 1:38pm 
These are some of the ways he could have given away his login information.

*Have you been asked to vote for a team/tournament/pixel art?
*Have you been asked to register for a tournament?
*Have you used any third-party site for gambling or trading? (doesn't have to have been recent, they can keep your info for years, waiting till you build up your inventory)
*Have you logged in on a public device?
*Have you entered any giveaways/giveaway groups?
*Have you tried to claim any "free 50$ gift cards"?
*Have you been invited to a playtest via a link in chat?
*Have you talked to an "admin" after being "accidentally reported"?
*Does someone else use your PC or your account?
These emails are usually randomly sent as "spam" to create pressure in those who bite the bait.

They might have gotten some detail from an earlier leak or phishing to sound surprising and convincing.
Maybe your son used the leaked password for email too, so he got both problems. "Scary email" and someone using his email account.

Better safe than sorry, good that you secured the computer. Change all passwords for important accounts and use 2FA, especially for email from now on.

And tell your kid: Don't install random stuff. Never log into links or buttons.
Make sure there are no forwards or backup emails etc created in the email account.
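
The check for leftover forwards can be run against an export of the mailbox's inbox rules. The following is an added example, not part of the original thread: it assumes the rules were saved as JSON in the shape Microsoft Graph uses for `messageRule` objects, and the sample rules, names and addresses are constructed. It flags rules that forward mail to an address you do not control or that delete mail, which are the two ways a rule can keep account notices away from the inbox.

```python
import json

# Constructed sample in the shape Microsoft Graph returns for
# GET /me/mailFolders/inbox/messageRules (all names and addresses are made up).
SAMPLE_RULES = json.loads("""
{"value": [
  {"displayName": "Newsletters", "isEnabled": true,
   "conditions": {"senderContains": ["news@example.org"]},
   "actions": {"moveToFolder": "constructed-folder-id"}},
  {"displayName": ".", "isEnabled": true,
   "conditions": {"senderContains": ["steampowered.com"]},
   "actions": {"permanentDelete": true, "stopProcessingRules": true}},
  {"displayName": "backup", "isEnabled": true,
   "conditions": {},
   "actions": {"forwardTo": [{"emailAddress": {"address": "drop@example.net"}}]}}
]}
""")

FORWARD_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")
DELETE_ACTIONS = ("delete", "permanentDelete")


def audit_rules(rules, trusted_addresses=()):
    """Return (rule name, reason) pairs for rules that leak or hide mail."""
    trusted = {a.lower() for a in trusted_addresses}
    findings = []
    for rule in rules:
        name = rule.get("displayName", "<unnamed>")
        actions = rule.get("actions") or {}
        # Any forward/redirect to an address not on the trusted list is suspect.
        for key in FORWARD_ACTIONS:
            for rcpt in actions.get(key) or []:
                addr = rcpt.get("emailAddress", {}).get("address", "").lower()
                if addr not in trusted:
                    findings.append((name, f"{key} -> {addr}"))
        # Rules that delete mail can hide password-reset and support messages.
        for key in DELETE_ACTIONS:
            if actions.get(key):
                cond = rule.get("conditions") or {}
                scope = ", ".join(cond.get("senderContains", [])) or "all mail"
                findings.append((name, f"{key} on {scope}"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_rules(SAMPLE_RULES["value"]):
        print(f"REVIEW rule {name!r}: {reason}")
```

Any rule it reports should be opened in the mailbox settings and removed if nobody in the household created it.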