Major Security Flaw allows hackers into computer via Steam

All Discussions > Steam Forums > Suggestions / Ideas > Topic Details

This topic has been locked

FlyingMasterChef Feb 11, 2021 @ 9:17am

Major Security Flaw allows hackers into computer via Steam

I left my steam game running on my desktop computer. I went to my mom's and wanted to play on my laptop. I normally don't have the game running on my desktop when I leave but was in a hurry. When I clicked to run the game on my laptop Steam told me I would play it on my laptop but it was running via my desktop. YAY, so I thought...it's MUCH faster than my laptop but my net connection is insane fast. Well, as I was clicking around on the game and it wasn't doing what I wanted it to do (clicks towards the bottom of the screen were off by many pixels) I all of a sudden was looking at my desktop computer screen. I was able to access it just as if I were using a remote desktop app. Low and behold, if anyone had access to my Steam login and PW they would have full access to my computer if I left the game on. They would have access to everything. PW's, photos, files, documents, system files, etc... This is a major security flaw. I have taken a video of this and will be posting it online once I get home. This must be fixed!!!!! h

Oddly enough, a friend of mine called me about 10 minutes before I found this issue and told me that his computer had been hacked about 2 am and someone had opened up folders on his desktop as well as his web browser and had used his CC info to buy over $3000.00 online. His bank fixed all that for him but he couldn't figure out how they got on. Then this happened to me and viola!!!! I called him back and told him to change his Steam PW and set up the 2 part authentication (what a royal pain in the ass as from what I read, Steam's version of it doesn't work much of the time for the actual account owner!)

Steam, you MUST fix this!!!!!! Oh, and how about making it way easier to actually report these issues directly to your tech support people. I have looked for 20 minutes and can't find anywhere to actually report this issue. How pathetic!!!!!! I bet the local news (easier to contact than Steam support) would love to do a story on this to help people NOT get screwed!!!!!

< >

Showing 1-15 of 44 comments

cSg|mc-Hotsauce Feb 11, 2021 @ 9:23am

Steam > Settings > Remote Play >>> Turn off the feature

The in home streaming feature has always done this.

Unless you give away all your account info, there is nothing to worry about.

Last edited by cSg|mc-Hotsauce; Feb 11, 2021 @ 9:24am

Nx Machina Feb 11, 2021 @ 9:24am

Accounts are NOT hacked they ARE hijacked via phishing.

Secondly you are accessing your main PC via remote play.

Edit: Post #1 tells you how to turn it off.

Last edited by Nx Machina; Feb 11, 2021 @ 9:27am

cSg|mc-Hotsauce Feb 11, 2021 @ 9:38am

Wait until you learn about Teamviewer.

But basic PC 101 is to turn off or sign out of your Windows account before leaving your house.

Originally posted by KaveMan:
Just browse the forums you will see hundreds of thousands of people getting hacked, scammed, phished on a daily basis. Steam has become the biggest criminally run platform in history.

Users don't have their account hacked into.

Last edited by cSg|mc-Hotsauce; Feb 11, 2021 @ 9:40am

Brian9824 Feb 11, 2021 @ 9:43am

So the Major Security Flaw is that if you leave your PC logged in and unlocked and leave your steam game running, then login from another computer and provide your account credentials then you can access your steam games and desktop?

Ummm by that logic every remote desktop service in the world has a major security flaw as they all do the same thing.......

That is the entire point of Remote connection software so you can operate your computer and access it remotely.......

Not to mention you weren't even running 2fa which has a 100% success rate unless the user gives out their info and works perfectly, so no idea who is telling you otherwise on the forums.

Originally posted by KaveMan:
Just browse the forums you will see hundreds of thousands of people getting hacked, scammed, phished on a daily basis. Steam has become the biggest criminally run platform in history.

Correction, not a single person on the forum has gotten hacked. They give away their info, and unfortunately Steam cannot fix stupid.

Last edited by Brian9824; Feb 11, 2021 @ 9:45am

Count_Dandyman Feb 11, 2021 @ 9:55am

Originally posted by KaveMan:
Just browse the forums you will see hundreds of thousands of people getting hacked, scammed, phished on a daily basis. Steam has become the biggest criminally run platform in history.

Those are users like the OP that blame Steam and call it flawed for them opening all the security measures and giving other people access to their account and system.

The only way to prevent those is for the users to be booted and their accounts deleted.

Count_Dandyman Feb 11, 2021 @ 10:46am

Originally posted by KaveMan:
Laughing in the faces of everyone who denies, refuses, opposes, or is skeptical or cynical about something. There are always naysayers who say it can't be done.

Just shows you how little do they actually know...

Or it shows how much we do know including Gabes username and password he gave to the entire world when he threw down the gauntlet and challenged everyone to bypass the security systems to get into his account.

Nx Machina Feb 11, 2021 @ 10:55am

Originally posted by KaveMan:
Laughing in the faces of everyone who denies, refuses, opposes, or is skeptical or cynical about something. There are always naysayers who say it can't be done.

Just shows you how little do they actually know...

Or maybe you miss the very fact that the majority of those posting have scam sites in their profile name history and we know how they lost access to their account.

Who then is the naysayer?

Last edited by Nx Machina; Feb 11, 2021 @ 10:55am

Brian9824 Feb 11, 2021 @ 10:58am

Originally posted by KaveMan:
Laughing in the faces of everyone who denies, refuses, opposes, or is skeptical or cynical about something. There are always naysayers who say it can't be done.

Just shows you how little do they actually know...

Ok, then provide a documented case of it showing that hackers breached steams databases and were able to access and decrypt the account info, should be easy. I mean even Gabe gave out his username and password and no one has breached his key.

If it ever happened you'd see MILLIONS of accounts compromised and it would be all over the news.

Washell Feb 11, 2021 @ 11:03am

Do you write to lock companies pointing out the major security flaw in their locks? That if someone else has the key, they can open them!?

Last edited by Washell; Feb 11, 2021 @ 11:03am

Reaper Feb 11, 2021 @ 11:14am

Originally posted by KaveMan:
Just browse the forums you will see hundreds of thousands of people getting hacked, scammed, phished on a daily basis. Steam has become the biggest criminally run platform in history.

Correction, you will see hundreds of thousands of stupid people who don't understand how to properly use a computer. Anyone who thinks steam servers has been hacked is an idiot

#10

Mad Scientist Feb 11, 2021 @ 11:37am

Originally posted by Satoru:
Originally posted by KaveMan:
Laughing in the faces of everyone who denies, refuses, opposes, or is skeptical or cynical about something. There are always naysayers who say it can't be done.

Just shows you how little do they actually know...

Ah you're very far on the Dunning–Kruger curve I see

I'd recommend you do not try to pretend you have expertise in an area where it is obvious you do not. Then again given your post history, its pretty obvious you're simply a drive by troll

Ironic.

Originally posted by KaveMan:
Laughing in the faces of everyone who denies, refuses, opposes, or is skeptical or cynical about something. There are always naysayers who say it can't be done.

Just shows you how little do they actually know...

Why would anyone want to try hacking into Steam when the easiest targets to rob from always fall for phishing attempts? The easiest route is what they use as it's the most profitable for their ill-intent. The amount of difficulty, hardware, and ability one would need would be excessively costly to the attacker compared to the easy solution. In order to even do such a thing you'd likely leave traces everywhere and get sued into oblivion as you sit in some prison.

#11

cinedine Feb 11, 2021 @ 12:35pm

Originally posted by FlyingMasterChef:
I was able to access it just as if I were using a remote desktop app.

Because you were using one. Remote play is nothing else.

Originally posted by FlyingMasterChef:
Oddly enough, a friend of mine called me about 10 minutes before I found this issue and told me that his computer had been hacked about 2 am and someone had opened up folders on his desktop as well as his web browser and had used his CC info to buy over $3000.00 online. His bank fixed all that for him but he couldn't figure out how they got on.

So you're friend got his account login information leaked, left payment data saved in plain text somewhere, including the CVV and had a game running during the night? That's one hell of a lucky coincident for the "hacker".

#12

Count_Dandyman Feb 11, 2021 @ 12:56pm

Originally posted by cinedine:
Originally posted by FlyingMasterChef:
I was able to access it just as if I were using a remote desktop app.

Because you were using one. Remote play is nothing else.

Originally posted by FlyingMasterChef:
Oddly enough, a friend of mine called me about 10 minutes before I found this issue and told me that his computer had been hacked about 2 am and someone had opened up folders on his desktop as well as his web browser and had used his CC info to buy over $3000.00 online. His bank fixed all that for him but he couldn't figure out how they got on.

So you're friend got his account login information leaked, left payment data saved in plain text somewhere, including the CVV and had a game running during the night? That's one hell of a lucky coincident for the "hacker".

I'm sure none of these "friends" were using shared or rented accounts to get access to a big library of games for less at all.

#13

Supafly Feb 11, 2021 @ 1:10pm

Errrr no.

You and your friend got infected by malware or something. If it was a security flaw more than you and your mate would have been affected. They also wouldn't have messed with you Steam account if they are after bank card information. They'd ignore it and move on.

#14