sparoc3 t1_j1ofc90 wrote
Reply to comment by ZsaFreigh in LPT: Got a Steam gift card for Christmas? Hold on to it after you put the code in. If your account gets hacked, you can use the old code to recover your account. by Worst_Support
My steam was hacked with a shit load of other websites where I have activated 2FA were hacked as well, the insane thing is I never even recieved the 2FA mails. But the hackers just changed PW and even email in some case. I'm sure it wasn't a key logger because the pw were just saved and I never put it in.
ZsaFreigh t1_j1oj7mr wrote
If your email shared a password with any of those accounts on compromised sites they would have access to your emails too, and be able to get to the 2FA and delete the email before you even knew it arrived. With Steam Guard though, it's not connected to email or a phone number, it's an app on your mobile device, so the only way to get in would be to physically steal your device first. Edit: or trick you into giving them the 2FA code, as another user said.
sparoc3 t1_j1okkx4 wrote
>If your email shared a password with any of those accounts on compromised sites they would have access to your emails too, and be able to get to the 2FA and delete the email before you even knew it arrived.
Nope, it was different. That's what got me so perplexed. Maybe they just stole all pw saved on browser still doesn't explain lack of 2fa mail.
And how does one get tricked in to giving 2fa lol. The same kind of people who share CC details with strangers.
One of my other email was hacked too, and the hacker is still trying to get in, it was a burner account so I don't care but steam keeps sending me 2fa mail which was conspicuously absent for my main account.
Steam guard is too much of a PITA cuz steam just keeps kicking the account off from phone and I had to re-login every time, I had it for a couple of months but then went back.
stoneagerock t1_j1os2dr wrote
Download Authy, or one of the plethora of other mobile Authenticator apps. Unfortunately can’t stop you from getting your creds phished by a fake page.
For that you need something like a FIDO2 key that supports key domain binding
sparoc3 t1_j1oul5b wrote
Naah I wasn't phised, I downloaded Adobe Reader crack and then nearly every account of mine was compromised. There's no way they went and reset every account, they must have simply extracted it from browser.
Now I'm using authy tho.
stoneagerock t1_j1pz3ku wrote
Sounds like you got tricked into downloading a keylogger.. only once!
sparoc3 t1_j1pzevt wrote
Idk if you followed the comment thread, I never entered any password everything was saved.
hitemlow t1_j1ortms wrote
> Steam guard is too much of a PITA
Ah ha! So you don't have 2FA enabled if you disabled Steam Guard.
sparoc3 t1_j1osnxv wrote
Both are different, steam still sends 2FA on mail, guard is only sent on phone.
hitemlow t1_j1ot238 wrote
Having email confirmation is basically worthless if your email was compromised. SMS is only slightly better in that they have to hack 2 devices or do a SIM swap scam. If you're not using Steam Guard through the app, you don't have 2FA.
sparoc3 t1_j1ots5c wrote
>Having email confirmation is basically worthless if your email was compromised.
That doesn't mean it's not 2FA.
My gripe is how the fuck did they get my steam password at all.
>If you're not using Steam Guard through the app, you don't have 2FA.
Two factor authentication simply mean 'two' means of authentication, first is password and the second is the code received on email.
Steam guard is an additional thing that necessitates you should be in possession of a particular phone. It's more than 2FA and more secure can said to be 3FA.
Every site on this world sends you code on mail/phone number when 2FA is activated.
dear_hearts t1_j1yc039 wrote
Same, my steam was hacked. I wasn’t phished because I’ve never put my steam acct or pass into browser and I don’t have any malware. My steam pass was unique to steam and they got in despite me having 2FA.
Steam support said it is possible to get in without 2FA but they would have to have my password and login. I also have a notification on my iPhone saying that password was in a data breach but Steam denied a breach and said I must have used the password somewhere else.
They didn’t even change my password, only user name and language which is how I noticed because my steam sale emails started coming in Thai.
sparoc3 t1_j1yc3rc wrote
I had like $5 in wallet, fuckers spent it on skins.
dear_hearts t1_j1ydbou wrote
I didn’t have anything in mine because it was linked to my PayPal (which I guess they didn’t have access to) But they logged in and out 5 times over a few days from two different locations in China.
I’m just annoyed with steam for being so shady about 2FA. Also why would anyone go into my account, change the language to Thai and the username to something in Chinese?
Viewing a single comment thread. View all comments