- Feb 2, 2005
- 17,252
- 19
- 81
So my brother's steam account was hijacked last weekend. He told me that someone he was friended to sent him a link to download America's army for free. The site the link sent him to requested his steam username and password, and it looked just like steam's website. After entering his credentials, the site opened up his steam client and began downloading America's army. It's possible that this was completely legit, but since both his steam account and his email, which shared the same password we're compromised at very nearly the same time, I'm going with that as being the source of the trouble. Isn't Americas Army free anyway?
So I help him go through steam support's ticket system, give them all the information they need (full name, last 4 digits of cc#, etc)and get them to reset his password. Immediately I reset both the password to his email and steam accounts to something completely unrelated to the previous one. In addition to that I set a secret question for him (something he had neglected to do originally).
About 5 hours later my brother tried to login to his account and his password isn't accepted, so he clicks the "I forgot my password" link and then wanders off to watch tv or something. So when I get home (he's staying at my house this week) I discover that not only is the password I set no longer valid, but he's lost access to his email account again as well. He has two yahoo email accounts that are associated, so I was able to once again regain access to his yahoo email by resetting the password through the second uncompromised account.
I submitted another ticket to steam support, but I'm at a loss as to how he lost the account again. What's to stop this from happening a third time? Why didn't the completely random password plus security question stop this from happening this time?
I've even scanned the computer most of this activity occurred on for virii and malware, to no avail. I basically at a total loss here as to how this occurred. Any insight would be appreciated.
So I help him go through steam support's ticket system, give them all the information they need (full name, last 4 digits of cc#, etc)and get them to reset his password. Immediately I reset both the password to his email and steam accounts to something completely unrelated to the previous one. In addition to that I set a secret question for him (something he had neglected to do originally).
About 5 hours later my brother tried to login to his account and his password isn't accepted, so he clicks the "I forgot my password" link and then wanders off to watch tv or something. So when I get home (he's staying at my house this week) I discover that not only is the password I set no longer valid, but he's lost access to his email account again as well. He has two yahoo email accounts that are associated, so I was able to once again regain access to his yahoo email by resetting the password through the second uncompromised account.
I submitted another ticket to steam support, but I'm at a loss as to how he lost the account again. What's to stop this from happening a third time? Why didn't the completely random password plus security question stop this from happening this time?
I've even scanned the computer most of this activity occurred on for virii and malware, to no avail. I basically at a total loss here as to how this occurred. Any insight would be appreciated.