Steam account hack attempt

MadJack(Posted 1+ years ago) #1
Some idiot in Germany's trying to guess the password to my Steam account - I've been getting about 8 emails from Steam pretty much each night, with the following;

'Your account on Steam Users' Forums has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address: 91.47.86.173'

I'll inform Steam, but I thought my fellow blitzers might be able to turn up some info/advice first ;-)


ziggy(Posted 1+ years ago) #2
Maybe you can change the username of your account?


Plash(Posted 1+ years ago) #3
He is indeed in Germany.

Makes me curious.. maybe it is someone related to Blitz, we have a bunch of Germans around here, or so it seems :P.

I suggest changing your password to something incredibly long and cryptic (although I would assume anyone with programming experience would have a decent password).


GaryV(Posted 1+ years ago) #4
I don't understand the issue. Pretty much goes along with buying something that uses Steam's crappy DRM doesn't it?


Plash(Posted 1+ years ago) #5
Pretty much goes along with buying something that uses Steam's crappy DRM doesn't it?
What makes it crappy? All you do is buy a product and enter your key, then after downloading the product you can only run the product when you're logged in Steam.

I don't understand the issue.


puki(Posted 1+ years ago) #6
If it is the same IP then they either haven't rebooted or signed off their account - or they are routing through it.

Certainly does appear to be German. Interestingly, it was a German (or someone using German cover) who was trying to steal Blitz account details.


MadJack(Posted 1+ years ago) #7
puki

The IP does change with each email - other IPs listed in this last round of emails are:
91.47.86.173
91.47.119.42
91.47.95.155
91.47.74.249
91.47.67.210
...

so does this sound like some sort of automated process to you?


puki(Posted 1+ years ago) #8
That is good.

They are not routing through an IP.

woo hoo - Christmas is getting exciting.


GaryV(Posted 1+ years ago) #9
so does this sound like some sort of automated process to you
Yes

I love the fact that Steam has the problem and their solution is to punish you by locking your account for a period of time. Security issues/concerns like this, yet developers are trusting Steam to protect their software?


puki(Posted 1+ years ago) #10
I bet they show up in #blitzbasic.de or www.blitzbasic.de logs.

I suggest German Blitzers check their own #blitzbasic.de logs.

"klepto" was the person squeaking about being hacked - he is often in #blitzbasic.de - he can report back his findings.


GfK(Posted 1+ years ago) #11
Didn't that login harvesting attempt a couple of weeks ago originate in Germany? Coincidence?

[edit] ...and slightly o/t - didn't there used to be a French flag up top of this site next to the German one?


Plash(Posted 1+ years ago) #12
I love the fact that Steam has the problem and their solution is to punish you by locking your account for a period of time.
I'm happy for the 'solution', if they didn't lock my account for a while the 'hacker' could keep trying to get into my account.

Just because you can't play something doesn't mean it's the end of the world.


MadJack(Posted 1+ years ago) #13
I don't understand the issue. Pretty much goes along with buying something that uses Steam's crappy DRM doesn't it?

Eh? What part don't you understand? Someone's trying to break into my Steam account.

I love the fact that Steam has the problem and their solution is to punish you by locking your account for a period of time.

I don't think Steam's being unreasonable here.


Plash(Posted 1+ years ago) #14
...and slightly o/t - didn't there used to be a French flag up top of this site next to the German one?
I think so.. probably linking to Filax's site.


MadJack(Posted 1+ years ago) #15
Calling Klepto...


puki(Posted 1+ years ago) #16
He won't understand that.

Callin ze "klepto" - gitten ze here - we awf thinks to diskus about ze war - no not the war - about ze hacker - tellus unf vot you no. Is you knowing ze IPs that unf dor were posted - orders - orders - orders must be obeyed at all times. No, wait - slippage. unz himmelstein - ze IP - recognizee ze sausage in Berlin has achtung ze baby.

Not sure if I Babelfished it right - but it is a start.


Amon(Posted 1+ years ago) #17
The other stupid thing about Steam is when someone's account is hacked and the hackers get the account VAC banned, Steam refuse to lift the ban.

Their policy states that under no circumstances will they lift a VAC ban ever.

That means you could have loads of games and your account gets hacked, they then join the VAC secure servers with cheats and hacks enabled for the game or even worse trying to hack other accounts via the messaging system, then the account gets VAC banned.

When you get it back you can't go on any of the official, fast ping, always busy servers anymore and you're stuck with ones that are crap.

:/


xlsior(Posted 1+ years ago) #18
Not much you can do, other than complain to Deutsche Telekom AG with the IP addresses and date/time stamps -- although it's unlikely that they'll care enough to do something about it.

You can find their contact info here:
http://www.db.ripe.net/whois?form_type=simple&full_query_string=&searchtext=91.47.86.173&do_search=Search

To look up the contact info for the owner of an IP block, check these sites:
North America: http://www.arin.net
Europe: http://www.ripe.net
Asia / Australia: http://www.apnic.net
Africa: http://www.afrinic.net
South America / Caribbean: http://www.lacnic.net

...which kind of displays an inherent problem with schemes like Steam: it's trivial for someone else to essentially perform a denial-of-service attack against you, and prevent you from playing your games.


Genexi2(Posted 1+ years ago) #19
Not sure why there isn't an option to request an IP-range ban for your account specifically. Would fix your problem temporarily until they bust out the proxies.


GaryV(Posted 1+ years ago) #20
Eh? What part don't you understand? Someone's trying to break into my Steam account.
You are using steam, yet complaining about something that is very common for steam users.


MadJack(Posted 1+ years ago) #21
I'm using Steam as I have a game being sold on Steam - ergo, I need to use Steam.


Amon(Posted 1+ years ago) #22
I'm using Steam as I have a game being sold on Steam - ergo, I need to use Steam.


TankUniversal is the shizzz! :D


Picklesworth(Posted 1+ years ago) #23
Further, Steam is perfectly adequate. Compared to StarForce, for example, it is a godsend. Really no different (rights management wise) than the concept of needing to own a game console to play a game, except that you don't need to fork out piles of money for the hardware; it's just a free software download. (Except for the whole fear of banning thing, which really needs some consumer-friendly government intervention).

I love the fact that Steam has the problem and their solution is to punish you by locking your account for a period of time.
That's completely standard procedure for absolutely any self-respecting user account authentication. Just like that pause if you get the wrong password on a Mac or Linux system (for some reason not on Windows) to make sure that nobody can brute force the password within reasonable time since there is always the same limit between each attempt. Completely adequate for most humans, but not for software.
If they didn't do that and someone got in thanks to his completely unhindered capacity to brute force the password in a few days, you would be accusing Steam precisely of not doing that.
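
Added example, not part of any post in this thread and not Steam's code: a minimal Python sketch of the lockout described in the quoted email (more than 5 wrong passwords, 15-minute lock), comparing a per-account lock, which also shuts out the owner as noted in post #18, with a lock keyed on account plus source network. The account name, the owner's address, the timestamps and the /16 grouping are assumptions made for the illustration.

```python
import ipaddress

MAX_FAILURES = 5        # from the quoted email: "more than 5 times"
LOCK_SECONDS = 15 * 60  # from the quoted email: "another 15 minutes"


class LoginThrottle:
    """Failed-login lockout keyed per account or per (account, source network)."""

    def __init__(self, per_network=False, prefix_len=16):
        self.per_network = per_network
        self.prefix_len = prefix_len  # assumption: /16 groups the rotating addresses
        self.failures = {}            # key -> failures since the last lock
        self.locked_until = {}        # key -> unix time at which the lock expires

    def _key(self, account, ip):
        if not self.per_network:
            return (account, None)
        net = ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False)
        return (account, str(net))

    def allowed(self, account, ip, now):
        return now >= self.locked_until.get(self._key(account, ip), 0)

    def record_failure(self, account, ip, now):
        key = self._key(account, ip)
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] > MAX_FAILURES:
            self.locked_until[key] = now + LOCK_SECONDS
            self.failures[key] = 0


def simulate(per_network):
    """Replay constructed failures, then report who may still attempt a login."""
    throttle = LoginThrottle(per_network=per_network)
    sources = ["91.47.86.173", "91.47.119.42", "91.47.95.155",
               "91.47.74.249", "91.47.67.210"]  # addresses quoted in post #7
    account = "example_user"                    # constructed account name
    now = 1_000_000                             # constructed timestamp
    for i in range(6):                          # six wrong guesses, rotating source
        ip = sources[i % len(sources)]
        if throttle.allowed(account, ip, now):
            throttle.record_failure(account, ip, now)
        now += 10
    owner_ip = "203.0.113.7"  # constructed owner address (documentation range)
    return {
        "owner_can_try": throttle.allowed(account, owner_ip, now),
        "guesser_can_try": throttle.allowed(account, sources[0], now),
        "owner_after_expiry": throttle.allowed(account, owner_ip, now + LOCK_SECONDS),
    }
```

Keying on the source network keeps the owner's login working, but failures spread across many networks each get their own counter, so a real deployment would pair it with a slower account-wide ceiling.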


Amon(Posted 1+ years ago) #24
Steam atm is facing a huge backlash from its European customers. There have been bannings galore on their forums.

1 Dollar = 1 Euro pricing is a scam whether they like to admit it or not.

1 person was banned for simply making a list of the games available on Steam, their pricing and the pricing of the same games available via retail.

In nearly all comparisons if you bought the game via retail you paid an average of 25% less for the game. That's just the price difference. Steam still add 20% VAT on top of that at the checkout, even for countries that don't need to pay VAT.

They have stickies on their forums that tell you to be careful of account hijackers, fair enough, but account hackers are getting extremely clever with the way they get access to Steam accounts which are not theirs. The other thing is several, and I mean a lot on a large scale, have posted on the forums stating that there are a few groups who intentionally steal and hijack Steam accounts just to get them VAC banned and send haha emails to the owners.

What's Steam's reply to this? "Don't care, the VAC ban will not be removed".

Steam account hijacking is widespread. In fact it's on epidemic levels. One in every 10 PMs received in the Steam community is from a hacked account. The hacker uses the friends list of the hacked account to contact the hijacked account user's friends, tricking them into revealing their passwords or getting them to sign up to websites where their account is then hacked also.

Valve's own team posted saying that there will be huge delays when dealing with support tickets from people who want to reclaim their stolen accounts. They also felt it necessary to say that there will be no VAC unbans for any accounts that were VAC banned while they were in the thief's possession.. :/ There was a major forum lockdown after that last message was posted. I wonder why.

5 days ago Steam altered their forum signup, requiring MOD or Admin activation, in order to keep repeatedly banned members who question their obvious thieving practices and Draconian methods from reposting on the forum.

Rant over. :)


Dabhand(Posted 1+ years ago) #25
Use Steam... Get Burnt.. Seems perfectly rational to me.

Dabz


GaryV(Posted 1+ years ago) #26
Use Steam... Get Burnt.. Seems perfectly rational to me.
I agree.


Brucey(Posted 1+ years ago) #27
didn't there used to be a French flag up top of this site

heh... yeah, but they all had a fit when Mark mentioned that Max3D was going open-source...
So I think they decided to blow up the chunnel and disassociate themselves from the rest of the world... ho hum :-)

maybe I should start handing out chill pills...


GaryV(Posted 1+ years ago) #28
fit when Mark mentioned that Max3D was going open-source..
Although the Google translation was hilarious, I am sure the posts were even funnier if things didn't get lost in the translation.

maybe I should start handing out chill pills...
I had some of those back in the 60s when they were legal. Good stuff IIRC.