Major Security Flaw allows hackers into computer via Steam

所有讨论 > Steam 论坛 > Suggestions / Ideas > 主题详情

此主题已被锁定

FlyingMasterChef 2021 年 2 月 11 日上午 9:17

Major Security Flaw allows hackers into computer via Steam

I left my steam game running on my desktop computer. I went to my mom's and wanted to play on my laptop. I normally don't have the game running on my desktop when I leave but was in a hurry. When I clicked to run the game on my laptop Steam told me I would play it on my laptop but it was running via my desktop. YAY, so I thought...it's MUCH faster than my laptop but my net connection is insane fast. Well, as I was clicking around on the game and it wasn't doing what I wanted it to do (clicks towards the bottom of the screen were off by many pixels) I all of a sudden was looking at my desktop computer screen. I was able to access it just as if I were using a remote desktop app. Low and behold, if anyone had access to my Steam login and PW they would have full access to my computer if I left the game on. They would have access to everything. PW's, photos, files, documents, system files, etc... This is a major security flaw. I have taken a video of this and will be posting it online once I get home. This must be fixed!!!!! h

Oddly enough, a friend of mine called me about 10 minutes before I found this issue and told me that his computer had been hacked about 2 am and someone had opened up folders on his desktop as well as his web browser and had used his CC info to buy over $3000.00 online. His bank fixed all that for him but he couldn't figure out how they got on. Then this happened to me and viola!!!! I called him back and told him to change his Steam PW and set up the 2 part authentication (what a royal pain in the ass as from what I read, Steam's version of it doesn't work much of the time for the actual account owner!)

Steam, you MUST fix this!!!!!! Oh, and how about making it way easier to actually report these issues directly to your tech support people. I have looked for 20 minutes and can't find anywhere to actually report this issue. How pathetic!!!!!! I bet the local news (easier to contact than Steam support) would love to do a story on this to help people NOT get screwed!!!!!

< >

正在显示第 1 - 15 条，共 44 条留言

cSg|mc-Hotsauce 2021 年 2 月 11 日上午 9:23

Steam > Settings > Remote Play >>> Turn off the feature

The in home streaming feature has always done this.

Unless you give away all your account info, there is nothing to worry about.

最后由 cSg|mc-Hotsauce 编辑于; 2021 年 2 月 11 日上午 9:24

Nx Machina 2021 年 2 月 11 日上午 9:24

Accounts are NOT hacked they ARE hijacked via phishing.

Secondly you are accessing your main PC via remote play.

Edit: Post #1 tells you how to turn it off.

最后由 Nx Machina 编辑于; 2021 年 2 月 11 日上午 9:27

cSg|mc-Hotsauce 2021 年 2 月 11 日上午 9:38

Wait until you learn about Teamviewer.

But basic PC 101 is to turn off or sign out of your Windows account before leaving your house.

引用自 KaveMan：
Just browse the forums you will see hundreds of thousands of people getting hacked, scammed, phished on a daily basis. Steam has become the biggest criminally run platform in history.

Users don't have their account hacked into.

最后由 cSg|mc-Hotsauce 编辑于; 2021 年 2 月 11 日上午 9:40

Brian9824 2021 年 2 月 11 日上午 9:43

So the Major Security Flaw is that if you leave your PC logged in and unlocked and leave your steam game running, then login from another computer and provide your account credentials then you can access your steam games and desktop?

Ummm by that logic every remote desktop service in the world has a major security flaw as they all do the same thing.......

That is the entire point of Remote connection software so you can operate your computer and access it remotely.......

Not to mention you weren't even running 2fa which has a 100% success rate unless the user gives out their info and works perfectly, so no idea who is telling you otherwise on the forums.

引用自 KaveMan：
Just browse the forums you will see hundreds of thousands of people getting hacked, scammed, phished on a daily basis. Steam has become the biggest criminally run platform in history.

Correction, not a single person on the forum has gotten hacked. They give away their info, and unfortunately Steam cannot fix stupid.

最后由 Brian9824 编辑于; 2021 年 2 月 11 日上午 9:45

Count_Dandyman 2021 年 2 月 11 日上午 9:55

引用自 KaveMan：
Just browse the forums you will see hundreds of thousands of people getting hacked, scammed, phished on a daily basis. Steam has become the biggest criminally run platform in history.

Those are users like the OP that blame Steam and call it flawed for them opening all the security measures and giving other people access to their account and system.

The only way to prevent those is for the users to be booted and their accounts deleted.

Count_Dandyman 2021 年 2 月 11 日上午 10:46

引用自 KaveMan：
Laughing in the faces of everyone who denies, refuses, opposes, or is skeptical or cynical about something. There are always naysayers who say it can't be done.

Just shows you how little do they actually know...

Or it shows how much we do know including Gabes username and password he gave to the entire world when he threw down the gauntlet and challenged everyone to bypass the security systems to get into his account.

Nx Machina 2021 年 2 月 11 日上午 10:55

引用自 KaveMan：
Laughing in the faces of everyone who denies, refuses, opposes, or is skeptical or cynical about something. There are always naysayers who say it can't be done.

Just shows you how little do they actually know...

Or maybe you miss the very fact that the majority of those posting have scam sites in their profile name history and we know how they lost access to their account.

Who then is the naysayer?

最后由 Nx Machina 编辑于; 2021 年 2 月 11 日上午 10:55

Brian9824 2021 年 2 月 11 日上午 10:58

引用自 KaveMan：
Laughing in the faces of everyone who denies, refuses, opposes, or is skeptical or cynical about something. There are always naysayers who say it can't be done.

Just shows you how little do they actually know...

Ok, then provide a documented case of it showing that hackers breached steams databases and were able to access and decrypt the account info, should be easy. I mean even Gabe gave out his username and password and no one has breached his key.

If it ever happened you'd see MILLIONS of accounts compromised and it would be all over the news.

Washell 2021 年 2 月 11 日上午 11:03

Do you write to lock companies pointing out the major security flaw in their locks? That if someone else has the key, they can open them!?

最后由 Washell 编辑于; 2021 年 2 月 11 日上午 11:03

Reaper 2021 年 2 月 11 日上午 11:14

引用自 KaveMan：
Just browse the forums you will see hundreds of thousands of people getting hacked, scammed, phished on a daily basis. Steam has become the biggest criminally run platform in history.

Correction, you will see hundreds of thousands of stupid people who don't understand how to properly use a computer. Anyone who thinks steam servers has been hacked is an idiot

#10

Mad Scientist 2021 年 2 月 11 日上午 11:37

引用自 Satoru：
引用自 KaveMan：
Laughing in the faces of everyone who denies, refuses, opposes, or is skeptical or cynical about something. There are always naysayers who say it can't be done.

Just shows you how little do they actually know...

Ah you're very far on the Dunning–Kruger curve I see

I'd recommend you do not try to pretend you have expertise in an area where it is obvious you do not. Then again given your post history, its pretty obvious you're simply a drive by troll

Ironic.

引用自 KaveMan：
Laughing in the faces of everyone who denies, refuses, opposes, or is skeptical or cynical about something. There are always naysayers who say it can't be done.

Just shows you how little do they actually know...

Why would anyone want to try hacking into Steam when the easiest targets to rob from always fall for phishing attempts? The easiest route is what they use as it's the most profitable for their ill-intent. The amount of difficulty, hardware, and ability one would need would be excessively costly to the attacker compared to the easy solution. In order to even do such a thing you'd likely leave traces everywhere and get sued into oblivion as you sit in some prison.

#11

cinedine 2021 年 2 月 11 日下午 12:35

引用自 FlyingMasterChef：
I was able to access it just as if I were using a remote desktop app.

Because you were using one. Remote play is nothing else.

引用自 FlyingMasterChef：
Oddly enough, a friend of mine called me about 10 minutes before I found this issue and told me that his computer had been hacked about 2 am and someone had opened up folders on his desktop as well as his web browser and had used his CC info to buy over $3000.00 online. His bank fixed all that for him but he couldn't figure out how they got on.

So you're friend got his account login information leaked, left payment data saved in plain text somewhere, including the CVV and had a game running during the night? That's one hell of a lucky coincident for the "hacker".

#12

Count_Dandyman 2021 年 2 月 11 日下午 12:56

引用自 cinedine：
引用自 FlyingMasterChef：
I was able to access it just as if I were using a remote desktop app.

Because you were using one. Remote play is nothing else.

引用自 FlyingMasterChef：
Oddly enough, a friend of mine called me about 10 minutes before I found this issue and told me that his computer had been hacked about 2 am and someone had opened up folders on his desktop as well as his web browser and had used his CC info to buy over $3000.00 online. His bank fixed all that for him but he couldn't figure out how they got on.

So you're friend got his account login information leaked, left payment data saved in plain text somewhere, including the CVV and had a game running during the night? That's one hell of a lucky coincident for the "hacker".

I'm sure none of these "friends" were using shared or rented accounts to get access to a big library of games for less at all.

#13

Supafly 2021 年 2 月 11 日下午 1:10

Errrr no.

You and your friend got infected by malware or something. If it was a security flaw more than you and your mate would have been affected. They also wouldn't have messed with you Steam account if they are after bank card information. They'd ignore it and move on.

#14