13 year old gets owned trying to hack a Steam account

[waggy]

http://forums.anandtech.com/showthread.php?t=2240986

lol damn i hope that was a troll...

 

[DigDog]

good for him, he needs to learn somehow that life bites hard.

 

[CPA]

sad thing is, if a parent had done this to his child, he would have probably been dragged into court.

 

[dave_the_nerd]

Wow. Everyone in the world is dumb.

 

[TwiceOver]

no way that is real

This

 

[Markbnj]

"Hey, I'm that guy who's here to do the things on the stuff. Username and password?"

"Huh? Oh, right, ok. That stuff. Here: <username and pass>"

Sometimes it's nearly that simple.

I would have called that general social engineering, and 'phishing' a subset of social engineering that involves a fake web page/email. But perhaps the term has come to be used more generally.

 

[SKORPI0]

Either this is a repost from a long time ago or its the second such incident I've heard about.

It's from a Oct 2006 thread, non-ATOT
https://community.futuremark.com/forum/showthread.php?23914-Mwahahah-(milk-comes-out-of-nose)

OP is 9 1/4 years too late. :thumbsdown::thumbsdown::thumbsdown:

 

[Jeeebus]

no way that is real

It's on the internet. Therefore it is true.

 

[destrekor]

Huh? 😵 I never even said that.

Sorta sounded like you did. Maybe I read it wrong? I don't mean to attack, it's just something I feel anyone in IT should be aware of.

I was reading up on this physhing stuff and it is a very scary reality, these bored teens go around and try to get into random people's accounts by going in help chats and from there they can access all their other accounts too as they can just keep getting more info on the person to get other services to reset passwords. Once they get access to your email then they pretty much own your whole online life as they can password reset everything else.

I would have called that general social engineering, and 'phishing' a subset of social engineering that involves a fake web page/email. But perhaps the term has come to be used more generally.

And yeah, I too goofed, this is simple social engineering at its finest.

 

[HeXen]

If he duped the kid into giving his n/p. I assume he changed the password? Wouldn't' that just go to the kids email saying it's been changed?

 

[Red Squirrel]

Sorta sounded like you did. Maybe I read it wrong? I don't mean to attack, it's just something I feel anyone in IT should be aware of.

No I was just reading up on specific incidents, and just pointing out how damaging it can be. It's not just you as a user being attacked that can be problematic, but a SR at a company in which you have a service with, which can then lead to your accounts being taken. So basically even if you personally take all precautions, you can still end up hacked if some support SR falls for it.

I guess that would fall under a different type of fishing, probably more social engineering. Traditional fishing is the user getting an email or what not, and the user has to take action to get taken, but there seems to be a trend now where "hackers" (I hate to use that term) will fisch support people into getting someone else's account info.

It's super easy to do with Amazon support. You pretty much just need to know the email associated with the account.

Example:
http://arstechnica.com/security/201...rvice-was-the-weak-link-that-spilled-my-data/

Several people have tried this and it works each time. Kinda scary really.

 

[rga]

I can't believe it's real, but it was funny to read.

"Greg... Greg... Greg... Go mow some yards, bitch."

Good punchline.