Hack attempts at Steam account

I know the WoW attempts are brazen and common, but has anyone ever gotten password reset emails from Steam Guard that they themselves haven’t sent?

I had one a while back, though nothing came of it (I changed my password just in case). I think all they need is your email address to request a password reset, so it’s likely just people with lists of email addresses from compromised sites hoping for a lucky hit on an account on which they might be able to get email access.

Oh shit then. Wonder which site had my email address compromised. Dreamhost maybe? Hmm.

It’s fairly common. I had a password request maybe a month ago. About 3 years ago I had my account hacked and apparently sold over eBay for $4. The technical help was good though and obviously got it all back with no worries.

You must own some really crap games. :)

I had 3 hack attempts in the last week including Steam, Apple and Directv, not sure if it was a coincidence. I started receiving those attempt messages too. I changed my PW and it stopped.

The weirdest was directv where someone called up to get my account number (which they gave them) and then changed my web account to order merchandise online (which has my CC since I do online bill pay). The tipoff was that the equipment came to my house. My guess is they were testing to see if it would work.

Geez, I hope you got up directv about that. They should not be giving out that info without some proper ID check designed to prevent social engineering. Personal data check, secret question, telephone pin number, etc, etc.

Recently one of the more prominent TF2 unusual hat collectors had his Steam account hijacked (the value of his hats was probably around $25000.) He was a pretty technically savvy guy, did all the right things (long unique password, Steam guard, gmail 2-step) and had written articles in the community on how to guard against hijacking. The hacker had gotten in via social engineering Steam support.

That’s probably a good reason not to divulge too much personal information on searchable forum posts.

It’s actually worse. The agent said the call came from a number that was a Toll Free exchange. She said my records indicated that in 10 years of calling, that was the ONLY time a call was made from a number that was not my home account number, which is the number they use to verify it is you. I also notice that to purchase equipment on the DTV website, you need to enter that special code for my CC. I’m thinking now that they must have had that to make the purchase too.

I’m preparing a very nasty letter to DTV.

Please tell me that’s a typo.

Nope, hats are serious business (though the market has crashed somewhat recently.) There’s a reason TF2 keeps getting updates.

(the value of his hats was probably around $25000.)

This just doesn’t feel right. Imaginary hats in a video game. But then I remember EVE Online. And I just shrug and go about my business.

I have like 400+ games on my account.

And I was wondering what happened to my $4 purchase … (j/k;)

resurrection (and not to bring back my bad joke above):

I have to say that I’m a little disappointed in Steam Guard. My account wasn’t stolen or anything, but I always thought there was a hash made particular to my PC that would stop anyone from logging in elsewhere without an ultra top super secret password that would be sent to my email. I just gutted one of my PCs and added a new motherboard, CPU, and RAM but never had to access my email to get full control of the account (I kept my hard drives, fwiw). For a little while it said my security status was “email not verified” (?!?), but everything showed up as fine after entering my normal password when clicking for my account history. I never got an email. Is this functioning as intended?

Is there a story about this somewhere? I suppose there’s something since you’re reporting it. And you know how much those hats are really worth? $0.

No, the hats are worth whatever other people are willing to pay for them.

Like everything else, actually :-)

Money, and value of items, is derived from perception of need and value, not some actual value set down in the laws of the universe.

It’s possible it could be tied to IP or MAC? Either of which might have remained the same (MAC for sure) if you’re behind a router.

Of course, that makes one wonder about potential hijackers obtaining and then spoofing that info. . .

Yeah, it’s behind a router (LAN gaming ftw!). I suppose that makes some sense, but as you mentioned it seems less secure than I’d originally hoped.