Brother's Steam account hijacked, restored, rehijacked immediately. WTF.

SlitheryDee

So my brother's Steam account was hijacked last weekend. He told me that someone he was friended to sent him a link to download America's Army for free. The site the link sent him to requested his Steam username and password, and it looked just like Steam's website. After entering his credentials, the site opened up his Steam client and began downloading America's Army. It's possible that this was completely legit, but since both his Steam account and his email, which shared the same password, were compromised at very nearly the same time, I'm going with that as being the source of the trouble. Isn't America's Army free anyway?

So I help him go through Steam support's ticket system, give them all the information they need (full name, last 4 digits of cc#, etc.) and get them to reset his password. Immediately I reset both the password to his email and Steam accounts to something completely unrelated to the previous one. In addition to that I set a secret question for him (something he had neglected to do originally).

About 5 hours later my brother tried to log in to his account and his password isn't accepted, so he clicks the "I forgot my password" link and then wanders off to watch TV or something. So when I get home (he's staying at my house this week) I discover that not only is the password I set no longer valid, but he's lost access to his email account again as well. He has two Yahoo email accounts that are associated, so I was able to once again regain access to his Yahoo email by resetting the password through the second uncompromised account.

I submitted another ticket to Steam support, but I'm at a loss as to how he lost the account again. What's to stop this from happening a third time? Why didn't the completely random password plus security question stop this from happening this time?

I've even scanned the computer most of this activity occurred on for viruses and malware, to no avail. I'm basically at a total loss here as to how this occurred. Any insight would be appreciated.
 

KaOTiK

You can't fix stupid, SlitheryDee. Your brother fell for one of the oldest "scams" there is to get Steam accounts, so I wouldn't be surprised if he has been clicking and entering stuff in other places. No offense meant.
 

Nintendesert

It sounds like he's the problem more so than any malware on the computer. Though seeing as how he behaves I wouldn't be surprised if he opens and runs every executable he receives in his email too.
 

SlitheryDee

> You can't fix stupid, SlitheryDee. Your brother fell for one of the oldest "scams" there is to get Steam accounts, so I wouldn't be surprised if he has been clicking and entering stuff in other places. No offense meant.

I know, but he hasn't had time to give away the latest password that I personally set for him. He actually had trouble spelling the new password I gave him, so I'm not surprised by his initial inability to log in to Steam, but the password reset for his Yahoo email account occurred exactly 18 minutes after his failed Steam login attempt. I know this because he clicked the "I forgot my password" link at 5:16 PM, and then his email password was changed unbeknownst to him at 5:34 PM, according to his email account. I can't imagine how someone could have gotten the new password unless there was key logging going on on that PC. Yet the computer seems to be clean by every means I have used to test it.

In any case, why would the breach occur so shortly after his login attempt? Is it coincidence? If so, then I'm left with the question of how did they crack a completely different password so quickly?
 

KaOTiK

I don't know, I do suggest enabling Steam Guard though so at least that account can't be stolen again.
 

Kalmah

Standard procedure at this point would be to do a virus scan, run Malwarebytes, change all passwords. Make sure his email isn't auto-forwarding mail to somebody else. If nothing turns up I'd probably format just for the hell of it.
 

SlitheryDee

> I don't know, I do suggest enabling Steam Guard though so at least that account can't be stolen again.

Steam Guard is enabled, but I set his email and Steam passwords as the same combination of numbers and letters. Steam Guard is worthless if they have access to your email. This was totally my fault, but I figured we could change it later today. I didn't realize how quickly the hijackers would react. When we get his account back I guess I'll have to associate it with a completely new email account.
 

I4AT

Reformat + 3rd password change.

Also, check his e-mail settings for any forwarding/secondary recovery accounts that might have been set up?
 

Barfo

> You can't fix stupid, SlitheryDee. Your brother fell for one of the oldest "scams" there is to get Steam accounts, so I wouldn't be surprised if he has been clicking and entering stuff in other places. No offense meant.
>
> He actually had trouble spelling the new password I gave him.

I'll reserve my opinion in case your brother is a small kid, or has developmental problems.
 

nsafreak

Does your brother have a cell phone? You might want to see about getting him set up with a Gmail account and set his Steam account to use that account. And then further protect the Gmail account by enabling the mobile phone authentication option that Google has available. That'd make it practically impossible for somebody to reset that password at least.
 

diesbudt

> I know, but he hasn't had time to give away the latest password that I personally set for him. He actually had trouble spelling the new password I gave him, so I'm not surprised by his initial inability to log in to Steam, but the password reset for his Yahoo email account occurred exactly 18 minutes after his failed Steam login attempt. I know this because he clicked the "I forgot my password" link at 5:16 PM, and then his email password was changed unbeknownst to him at 5:34 PM, according to his email account. I can't imagine how someone could have gotten the new password unless there was key logging going on on that PC. Yet the computer seems to be clean by every means I have used to test it.
>
> In any case, why would the breach occur so shortly after his login attempt? Is it coincidence? If so, then I'm left with the question of how did they crack a completely different password so quickly?

It is a keylogger, they know every button you press on your keyboard.

Which means, go to a different safe computer, change all passwords, and fully sweep the other computer's hard drive, either by resetting it to factory standards, or lots of protection programs.

That is the only way he could have had it stolen so fast after it being helped.
 

JamesV

Assuming your brother didn't talk about his logon information (he did enter his Steam user/pass in a link he got after all), then it is probably a keylogger (from that link probably).

Still have the link he took to get AA? I'd forward that info to Steam and see what they say (along with the friend's username that gave the link).
 

cyphilis

I suggest rolling up a newspaper, and hitting your brother with it while saying "Bad... BAD BAD BAD!"
 

alkemyst

Is he doing something like

POkeMoN1 for his original password

POkeMoN2 for his new password?
 

SlitheryDee

> I'll reserve my opinion in case your brother is a small kid, or has developmental problems.

He's 12, and it occurs to me that I may have never given him the "guard your login info with your life" speech. It's a stupid mistake, but now he knows better I guess. What irks me is that if he had just followed through with the "forgot your password" process immediately, he could have beaten the hijackers to the punch. Instead I guess he just thought "oh well big bro will fix it", and went off to watch the Disney Channel. Now I have to format/reinstall one of my PCs, wait for Steam to restore the account a second time, and set him up an entirely new email account to associate it to. This is a kind of a bitch.

I still don't know how they got his secret question information. All that was set up on a different computer. Maybe the secret question isn't required to change login info and email association?
 

diesbudt

> He's 12, and it occurs to me that I may have never given him the "guard your login info with your life" speech. It's a stupid mistake, but now he knows better I guess. What irks me is that if he had just followed through with the "forgot your password" process immediately, he could have beaten the hijackers to the punch. Instead I guess he just thought "oh well big bro will fix it", and went off to watch the Disney Channel. Now I have to format/reinstall one of my PCs, wait for Steam to restore the account a second time, and set him up an entirely new email account to associate it to. This is a kind of a bitch.
>
> I still don't know how they got his secret question information. All that was set up on a different computer. Maybe the secret question isn't required to change login info and email association?

If you do, it is possible the keylogger was on there long enough for someone to type the secret answer in which he/she acquired it.

Also make sure the password is complex. One of my older passwords was C7yksdep01qw! Works well personally.