...wow, that many? No wonder Valve is doing this.

8 years ago

It's those .png files going around lately. People add someone then pop a link with a .png at the end which steals their accounts. A lot of people don't know clicking on that .png file will allow someone to hack into your account. Prior to them putting the 5 dollar lock to add friends I'd get 3 - 4 new adds daily from level 0 profiles which would immediately hit me up with a message telling me I won, or asking me if I had this game or that game for sale; the link would always end with .png. I'd never click on it. Even people I have traded with in the past, I'd still never click on links they provided if the link was from a site other than Steam or steamgifts...

8 years ago

I can still see how people could fall for that.

8 years ago

Yeah, it's pretty convincing unless you know to look for it. I'm a suspicious person by nature, which is why I never clicked on any links period from people for the longest time. I can imagine someone young getting their account hacked by not knowing any better. Or possibly a console gamer who switched to PC or runs some PC games, as for the most part the worst someone can do to you on a console via the console itself is force shut the system down or boink you off a certain game's servers.

8 years ago

Yes, any link can silently redirect you to potential malware. It's always best to use security add-ons in your browser that prevent redirecting or any scripts from unknown sources.

8 years ago

I don't. But maybe because I've been paranoid for a long time now and I'd never open such links and I'm very suspicious when it comes to such things.

8 years ago

A lot of people have added me lately with that .png file. "Is this you naked?" Yeah, like I'm gonna fall for that.

8 years ago

"Is this you naked?"

8 years ago

I actually got one of those about a month ago. I didn't know about them, so I clicked on it but realized my mistake immediately. I think I closed out of whatever it opened (if it opened anything) and ran a virus scan on my system.
Yeah, it was stupid of me, but what's done is done. Anyone have any advice as to what I should do to make sure I'm completely safe?

8 years ago

Install (or run a complete custom scan) with a proper AV, possibly from a USB stick given it's post-infection, maybe slap MBAM's Chameleon on a USB stick and run it first whilst offline; also something like GMER if you don't mind a little more reading. Change all of your passwords (and never use the same one for anything) from a clean machine (use overkill-strength passwords, possibly >256 bits of entropy if you're able to remember them) using a virtual keyboard and enable TFA authentication, and last but not least get a TEMPEST shielding to your wires & get a honeyfarm (ok, just kidding on these last two points). With that in mind there's no such thing as "completely" safe, though those steps should give you a reasonable amount of peace of mind.

8 years ago

I got a honeyfarm, but the bees keep stinging me when I try to get to the delicious honey. Am I doing something wrong?

8 years ago*

Perhaps you're beeing too greedy.

8 years ago

At min, 256 bits of entropy would be a 43-character random password. This is above and beyond what any brute force attack will deal with.

8 years ago

Way I see it the issue is that people are still thinking in terms of passwords instead of passphrases because they have yet to realise that search space is more important than entropy.
Entropy is not the only factor to be taken into account, length is increasingly important - in many instances more so than entropy. One can generate a password with "acceptable entropy" such as 60 bits (which is usually considered safe to protect financial information) using just 12 characters (and that is clearly not long enough in 2015).
256 bits / 40+ characters sure is overkill as of now, I stated as much, but for how long I wonder - and how hard can it be for someone to remember a long passphrase whilst keeping a high level of entropy?
I like to borrow this for example's sake.
Maybe it's just me but I find remembering things such as "c0rr3Kt H0R$3 battEr¥ st@p\è" (28 characters / 170 bits as opposed to the example's - a net gain of 126 bits compared to the passphrase in the example) quite simple by setting some mnemonic rules and self-salting so to say. That's 28 characters, I don't usually go below 45ish, still haven't forgotten a password in years and never used the same one twice - and believe me, my memory is far from good. It's just a matter of habit in setting some rules and sticking to them, when that's done the only thing worth remembering is a simple phrase and a grain of salt here and there.
That being said I'm paranoid, that was never being questioned.

8 years ago

It isn't so much .png files as it is malware-laden web sites that they link to in chat. There is NEVER a need to click a link to trade with someone on Steam. If someone "can't send you a trade request," they're either lying or they aren't someone you ought to be trading with.

There are a few image hosting sites (one or two in Europe I know of) that aren't necessarily "bad" domains, but they allow their users to host code on their site which CAN install malware on your system.

It makes no sense that they couldn't more easily tell you the name of the second game they are offering (the first one is almost always Asimov) than link you to a picture of it. I do think the trick is helped because there's one game that is maybe less enticing but the link offers hope that the alternative might be.

8 years ago

How do they add those .png files? Do they just send you a link as a message?

8 years ago

It's more often JPEG files that are exploited. There aren't any active PNG 0days right now, but there are several JPG sploits that haven't been patched.

8 years ago

Take into consideration that maybe 50,000 of them are all the same kid's TF2/CS:GO idling alts.
So that leaves roughly 20-30 thousand to worry about.

8 years ago

+1

8 years ago

Here's the important part:

  • Anyone losing items in a trade will need to have a Steam Guard Mobile Authenticator enabled on their account for at least 7 days and have trade confirmations turned on. Otherwise, items will be held by Steam for up to 3 days before delivery.

  • If you've been friends for at least 1 year, items will be held by Steam for up to 1 day before delivery.

  • Accounts with a Mobile Authenticator enabled for at least 7 days are no longer restricted from trading or using the Market when using a new device since trades on the new device will be protected by the Mobile Authenticator.

8 years ago

How to install Steam Guard Mobile Authenticator on Windows Mobile or old phones?

8 years ago

bluestac or whatever its called ?

8 years ago

Just download the Steam app you can enable it from there

8 years ago

impossible to install app in windows app, not compatible

8 years ago

No, not on Windows phones or old "dumb-phones".
I use "andyroid" on my PC.

8 years ago

Pls can someone explain to me why they don't add a normal 2 step verification via SMS for trades? Is there another reason than the cost?

If you have a 2 step verification in your email, phone added in Steam and Steam Guard enabled via email, I believe you are 100% safe and tbh more safe than mobile authenticator enabled.

8 years ago*

Because reasons. Also some bullshit about using their very own authenticator (that is so unique that WinAuth just simply added it to its list of authenticators…). And it is on two mobile OSs only also because reasons.
Probably just money though. That 730 million profit is just not enough to spend money on useless things as customer convenience, gotta pay the texture editors to make more CS:GO skins from something.

Edit: Oh, and my favourite, their reason that because smartphones are more secure. I guess the news that Android phones could be hacked for years from anywhere in the world with a few infected installer packages just flew by their radar.

8 years ago*

So can those that don't have smartphone or don't want to download steam authenticator on it use WinAuth to do the trades? That'd be awesome as I don't have smartphone.

8 years ago

Those who don't have Android/iOS devices can use WinAuth to log in. But if you want to trade anything, ever, you need a phone that can receive SMS, and BlueStacks with the Steam app running on it, because trades require the app to verify the transaction, not a code. (It's similar to the email link verification.)
Of course if you use more than one computer to access Steam, you need to install BlueStacks on each and every one. This is why I cannot do it: 2-3 workplace PCs, 1-2 at home, 1-2 if I travel to frequented places to stay for a day or two.

8 years ago

Ah, that sucks. Fucking Valve and their bullshit.

8 years ago

A Google Voice account will work, for Americans, for SMS.

8 years ago

I doubt the SMS is a problem to anyone, the problem is you need the Steam app which is only iOS/Android so you either need a device which is running on one of those 2 or something like BlueStacks (Android emulator for PC). But as talgaby said you would need it on every PC where you use Steam

8 years ago

You can trade without authenticator, you just need to wait 3 days for the trade to finish.

8 years ago

Believe me, I am painfully aware of this, as a number of my cards are in this trading limbo right now. And for those who do mass trading but don't have access to a device that runs the Mobile Guard (because contrary to the Americans'– including Valve's– beliefs, the overwhelming majority of humanity does not own a smartphone or tablet) will be impaired. A lot.

8 years ago

Once companies become big, they think they can do whatever they wish. And that's true, but I hate that. There will come a day when facebook or google or microsoft take over the world, mark my words. :D

But yes, I hate the road steam is going on.

8 years ago

What do you think about this utility?

It says it can confirm trades and you don't need an android emulator...

8 years ago

I say that look at Archi's message below mine too: that it took slightly faster to circumvent it than I thought.

8 years ago

Not true. Smart guys like me already implemented new features into their toys. Making a standalone PC authenticator is nothing hard, in fact, some people have already done that, but it defeats the whole purpose of 2FA, that's why I suggest to use my own ASF 2FA only for alt accounts.

8 years ago

Archi, based on my daily work, the vast majority of users, sometimes including IT technicians, couldn't tell the difference between a starting and closing HTML tag, so unless you create a very simple GUI for this, most likely very few will be able to use it without any issues.
As for the implementation(s): while I was almost expecting people to reverse-engineer and somehow circumvent this, I would have expected it to happen later.

8 years ago

Sure you can, only items are locked in 3 day escrow. If you don't want to use authenticator, you will just need to wait 3 days before trade completes.

8 years ago

Or 1 day, if you've been friends with that person for at least a year.

8 years ago

Who has friends for that long? :D

8 years ago

I'm aware of that and it's awful. I doubt I'd find a trader who would be willing to wait 3 days for me, when he could instead trade with someone who has the authenticator and can finish the trade instantly. I'm probably never going to be able to find someone to trade with again.

8 years ago

Of course it's about money. Has Valve ever shown any other motivation? LOL. It still surprises me that some people think this whole mobile authentication is for us, the nameless faceless end user.

Think about it -- if you're not trading cards, skins, and games, you're BUYING cards, skins (from the market) and games (from the store). Anything they do to make trading more of a pain drives people to go directly to the source, and Valve gets their cut every ... single ... time.

Now, from the other side of the coin -- your account gets stolen and those items end up being sold much more cheaply than you would sell them yourself -- and Valve gets a smaller cut. On top of that, they have to deal with the person who got hijacked, which is a labor/resource cost.

Valve has absolutely nothing to lose with this new way of handling trades -- and it looks like they stand to make a decent bit of money doing it.

8 years ago

Yes, great points. One wonders though why don't they just kill user-to-user trade entirely and do everything over the market. I mean they are getting to the point where, like Apple, they don't even have to pretend any more that everything is about skinning the user.

8 years ago

Haven't they already stated that the mobile authenticator is the alternative to doing away with trading altogether? I can't remember if it was an official post or it was a moderator on the Steam forums, but I know I've seen it said in at least one place.

Ah yeah here it is:

One option proposed was to simply remove trading. The Steam Market already accounted for the vast majority of virtual goods exchanged by Steam users. We even generate revenue off those transactions, which helps cover the cost of fraud, unlike person-to-person trades. And removing trading was by far the easiest solution to implement.

from - http://store.steampowered.com/news/19618/

Then they basically go on to say "Oh, but hey, we're doing you a favor by not getting rid of it entirely, even though some of you have put a ton of $$$ into it." (Though in not so many words, LOL)

I'm betting that's the next step -- doing away with trades altogether. Their fallback excuse would be (of course) -- "well, none of our competitors (GOG, Origin, Uplay, etc) offer trading." Then, like you said, they could squeeze the card & skin addicts for every penny they have by forcing them to the market.

Honestly, I like Steam ... a lot ... I really do, because they offer a lot of features in one convenient platform. But yeah, I'd be a fool to think they care two cents about me, you, or anyone else. Their support system alone is evidence of that.

8 years ago

From the steam's store news, Third Header (How we can stop it), Third Paragraph:

We needed to create our own two-factor authenticator because we need to show users the contents of the trade on a separate device and have them confirm it there. Requiring users to take a code from a generic authenticator and enter it into a hijacked PC to confirm a trade meant that hackers could trick them into trading away items they didn't intend to. This basically made it impossible to use a generic third party authenticator, such as Google Authenticator, to confirm trades.

8 years ago
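The argument in the Valve passage quoted above, as an added sketch that is not part of the original thread and is not Valve's actual protocol: a generic time-based code (RFC 6238 TOTP) proves only possession of the secret, while a confirmation computed over the trade contents on a second device is tied to one specific trade. The trade fields, secret, function names and the "user approves only what matches their intent" model are all assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import struct

STEP = 30  # seconds per time window


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Generic RFC 6238 TOTP (HMAC-SHA1). Depends only on secret and time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def canonical(trade: dict) -> bytes:
    """Stable byte encoding of a trade so both sides MAC the same bytes."""
    return json.dumps(trade, sort_keys=True, separators=(",", ":")).encode()


def trade_tag(secret: bytes, trade: dict, unix_time: int) -> str:
    """Hypothetical trade-bound confirmation: MAC over time window + contents."""
    msg = struct.pack(">Q", unix_time // STEP) + canonical(trade)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def server_accepts_generic(secret, pending_trade, code, now) -> bool:
    # pending_trade is deliberately unused: a generic code carries no
    # information about which trade the user meant to approve.
    return hmac.compare_digest(code, totp(secret, now))


def server_accepts_bound(secret, pending_trade, tag, now) -> bool:
    if tag is None:
        return False
    return hmac.compare_digest(tag, trade_tag(secret, pending_trade, now))


def phone_confirm(secret, shown_trade, intended_trade, now):
    """Second device shows the trade the server holds; the user approves
    only if it matches what they meant to do (modelled as an equality check)."""
    if shown_trade != intended_trade:
        return None  # user sees the wrong items and declines
    return trade_tag(secret, shown_trade, now)


def simulate() -> dict:
    secret = b"constructed-demo-secret"          # constructed sample value
    now = 1_450_000_000                          # constructed timestamp
    intended = {"give": ["trading card"], "to": "friend"}
    swapped = {"give": ["rare knife skin"], "to": "attacker"}

    results = {}
    # Generic authenticator: the hijacked PC displays `intended`, submits
    # `swapped`, and the user types a valid code into that PC.
    code = totp(secret, now)
    results["generic_code_confirms_swapped_trade"] = server_accepts_generic(
        secret, swapped, code, now)

    # Trade-bound confirmation: the phone shows what the server actually holds.
    tag = phone_confirm(secret, swapped, intended, now)
    results["bound_confirms_swapped_trade"] = server_accepts_bound(
        secret, swapped, tag, now)

    # A tag issued for the intended trade cannot be reused for another one.
    good_tag = phone_confirm(secret, intended, intended, now)
    results["tag_for_intended_reused_on_swapped"] = server_accepts_bound(
        secret, swapped, good_tag, now)
    results["bound_confirms_intended_trade"] = server_accepts_bound(
        secret, intended, good_tag, now)
    return results


if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(f"{name}: {outcome}")
```

The protection in the bound case comes from the second device displaying the server's view of the trade, so it holds only while that device is not compromised as well.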

Do you really want to view again the trade window before confirm it? An SMS verification could be enough. A 2 step SMS verification is very secure and that's why every big company uses it, like Steam does too. They just don't want to use it for every single trade because of the cost.

They could just use trade hold for only accounts that don't have Steam Guard enabled + phone.

8 years ago

"...do you really want to view again the trade window before confirm it?"

Yes, because valvE thinks 2-step sms is not enough: "Requiring users to take a code from a generic authenticator and enter it into a hijacked PC to confirm a trade meant that hackers could trick them into trading away items they didn't intend to."

"they could just use trade hold for only accounts that don't have steam guard enable+phone."

Perhaps I didn't understand? They could and they did.

This is just my personal opinion. Pure speculation by me
I think they (valvE) had enough with it (security issue). Steam Guard, Email confirmation, and Steam App (only on IOS and Android) are their way of saying "Here are tools to defend yourself. You may or may not use it. But don't come crying at me when something bad happens to you. I warned you, bro! I warned you about the stairs the hackers!"

8 years ago

A lot of people access Steam from places where there is no cell phone net access, so an SMS system would not work for them.

8 years ago

Seems odd that in 2015, we can give people internet access in places where they still can't get a cell signal... >_<

8 years ago

Everybody on a ship, for example. That's every sailor and every passenger out there (except on some of the major cruise lines where it's available over satellite at exorbitant fees).

8 years ago

I'm not having a pop, mate, I do understand how it could be possible. It just seems strange and I'm sure when Valve was designing this system, they did it under the assumption that anyone with full blown internet access would at least have the ability to receive 1 text message.

Once you receive the initial text message, the rest can be done using WIFI.

8 years ago

You should visit Greece

8 years ago

I understand why people are frustrated about the app being available only for Android and iOS. Maybe they would make it available for other mobile OSs, too.
But they gave the people who don't have the means to use the app a chance to continue trading. Only 3 days, it's not the end of the world. As for the items that have an expiration date, I'm sure that Valve has taken it into account, too. Maybe the expiration would "freeze" for the period of time while the item is on hold.
I mean, let's suppose I'm giving someone a coupon that expires in four days, and the coupon goes into holding for 3 days. When the other party receives it after three days, they have not only one day left until the coupon expires, but the same four days because it was "frozen".

8 years ago

Maybe they could eliminate the need for it if trades purely consist of items that cannot be sold on the market? So gifting coupons, trading coupon-for-coupon or trading non marketable in-game TF2 stuff etc.?

The whole thing surrounding it from Valve's point of view, at least according to what they're saying, is that it is to stop people gaining access to accounts and profiting from them by selling everything. As these things can't be sold (at least through the market), perhaps there's a case to make them exempt?

It would make these things more vulnerable and people still wouldn't be happy to lose them, but I think they'd ultimately miss them less than items of value.

8 years ago

That's an interesting addition.
Maybe they could make different rules for trading these items? Like, without the confirmation or holding the items. If they are not traded for anything of market value, of course.

8 years ago

77,000 retards steam accounts are hijacked every month, fix'd your title, seriously who is dumb enough to get "hacked" by clicking fishy links? xD

8 years ago

You know it is sorta the same as playing in silver-gold nova in csgo :D
seriously who is bad enough to play there ? :D still there are several hundred thousands ppl there :D

P.S. greedy schoolkids will click anything if you say them that they've won a 5$ skin. For sth more valuable they can even sell their souls.

8 years ago

It's not the same, since if you play csgo long enough, you will eventually rise in ranks (I started at silver elite master, and now I'm legendary eagle :D)

8 years ago

It actually is pretty much the same - you can live long enough to get scammed some 4-5 times or more and eventually rise to an advanced user rank (whatever that means) :D. After that you will stop clicking suspicious links :D
Anyway your original statement is actually pretty true since I also can't believe ppl can click those links :D but every1 has different mindset and experience, so no wonder some guys still don't know that internet is not a safe place :D

8 years ago

I am bad enough to play there :(

8 years ago

No offense intended :D
You will eventually rise in rank like Nezarn said =)
or not :D but still it will be fun :D

8 years ago

I know one of those 77,000 users who gets hijacked every month. I wouldn't trust him to use shoelaces let alone a smartphone, so assuming he is typical of the problem userbase I'm not sure how many problems this might fix...

8 years ago

I wonder how would he fuck up using shoelaces...

8 years ago

Lose one and break the other.

Just find and talk to someone working in end-user support

8 years ago

I mean that literally, by the way. He didn't tie his shoelaces at all so he kept tripping over and I got bored of that. I did consider trying to force him to tie his shoelaces but then I get worried that he would instead tie his shoes to each other, or tie them to an angry dog, or tie them to something about to be launched into space, or something else disastrous - so I simply took his shoelaces away.

8 years ago

"... he would instead tie his shoes to each other, or tie them to an angry dog, or tie them to something about to be launched into space..."

god dammit i need a comic or something of this

8 years ago

Angry Space Dog would be fantastic
It could be used like space cat except when you are banned :)

8 years ago

I dont feel that this is a two step verification anymore. It actually makes your account more vulnerable. I just have to go around stealing phones and i will be able to send trade and verify trade on the phone itself and skip all the password/email process since steam is log on 24hrs in the phone. Even if they add email + mobile trade confirmation, if your email is 24hrs connected in your phone, it does not make any difference. Next time you go to a party and you find any phone laying around and it is not password protected, search for steam... so for now at least for my phone, it is easy to take all my items in steam if you took my phone.

8 years ago

Hackers rarely want to work in a way which is so high risk and inefficient. Actually physically taking someone's phone is a very risky thing to do just to see if they maybe have a steam account that MAYBE has something worth a couple dollars on it. Your method would also be extremely slow with infrequent opportunities to pull it off. So I highly doubt anyone is going to be stealing phones just for this outside some punk ass high school kid getting back at someone in his class or something.

8 years ago

Example is wrong, but the idea is right. All that is needed is compromising the smartphone - average user will have e-mail app, steam account app and steam authenticator, most likely all of them logged-in. Phones security is, well, not the best. Average android cell gets one maybe two firmware updates through the whole lifetime.

8 years ago

I'm not arguing that the cellphone isn't vulnerable. I just highly doubt that this massive almost "commercialized" hacking that Valve is worried about will take place through physically taking someone's phone. You are, of course, right in that phones are easily compromised.

8 years ago

My fault in reading more than was there, sowwy )

As a side note it will be interesting to watch how fast account/items stealing will move to attack phone users.

8 years ago

Deleted

This comment was deleted 5 years ago.

8 years ago

no way to change it for the worst so there is no point saying ''changing for the best'' only ''change'' would be acceptable XD

8 years ago

getting a custom ai from ibm would be within their budget....

8 years ago

Well, they are blocking more and more links every day. For example, a bot sent a phishing link which I then reported; a day later another bot sent the same type of message but the link was removed [LINK REMOVED], so they are trying at least.

8 years ago

I have a better idea, get a better support that can fix this kind of problem by showing proof that the account is yours and that's it.

8 years ago

So when the number is still the same next year, will they get rid of it? :)

8 years ago

No, they will introduce fingerprint authentication and will force you to buy new smartphone which is able to recognise it xD You will have to touch your screen for a moment every time you want to log in into your steam account.

8 years ago

well maybe after the steam controller there will be the steam smartphone, sounds plausible

8 years ago

and you will have 3 weeks with discounts of 5% on the market

8 years ago

now with mobile authentication, I expect Valve to launch iSteamPhone, so those people like me can use their new effin *** authentication

8 years ago

I wonder how many of those 77,000 accounts had Steam-guard disabled, and now the rest of us have to suffer for it. They leave out that little nugget of information, however. And let's face it -- less trading means more money for Valve.

"There's no such thing as idiot-proof. Idiots always find a way."

8 years ago

You can't trade without Steam Guard.

8 years ago

Forgive me my rudeness, but this is bullshit. They say it's not the matter of technical knowledge, but it's not true. There are only two ways to hack an account - use some mistake of a user, or using holes in valve's services. Second case never happened. Well, almost never - some time ago (maybe a couple of years) steam databases were stolen. BUT, these databases were encrypted, so actually no user was harmed by this. So, if anyone loses account - it's always, 100%, only, because of some mistake from this user. Trying to solve this by making a fool-proof services - is a dead end - you can't foresee all mistakes can be done, and every attempt in this direction makes service worse for technically prepared users. I just hope that this would be inconvenient for majority of people, and valve would revert it when they see anger of all these people. I want to believe.

8 years ago

That's what I talked about. Read carefully.

"hashed and salted passwords"

This means criminals didn't get real passwords and were unable to steal any account.

"encrypted credit card information"

Same, data was encrypted, they were unable to steal any money.

8 years ago

Yeah yeah, was just reinforcing your argument with the article T.T

8 years ago

Sorry for misunderstanding

8 years ago

I agree with you except the 100% user's fault part forward. Crackers do crack Valve's security encryption quite easily if they want to.
In fact, the first part does not match with the second part very well. If they hold the technology to secure personal info, it will never be 100% user's fault, no matter what... even if the user gives their password away. Information such as credit card and stuff like that should be kept to steam itself. That way, if anyone tries to collect sensitive info, it must be done by a security hole...

8 years ago*

Do you have any proofs of security holes, or it's just your imagination?

8 years ago

try to access your card number or any sensitive data from your account to make your imagination working as mine.

8 years ago*

Who told you that a card number has ever been stolen from steam? (apart from imagination, of course).

8 years ago

really? let me help you as well as EsE did an hour ago. http://www.steamgifts.com/go/comment/ZuXcnq3

8 years ago

Yes, this was a hole, but this was once, and criminals didn't get the card numbers, because all sensitive data was encrypted. No one lost money because of that. And If your account would be stolen by some trojan or phishing - you could lose money, because card is connected to your account and purchases in steam can be made by criminals.

8 years ago

Do you really think that encrypted data is safe? The access to steam database is encrypted and look what happened. You are underestimating crackers and reverse engineering.
Have you never heard of money laundering? Disconnect money from your person using your credit cards or whatever is much more easy than you think. With internet, money laundry goes much faster than you can even imagine. Bit coin can do that trick with just one direct transaction. (By the way, no criminal smart enough get other people's credit cards from steam to buy on steam.)
Never consider money trackable and you'll get it back from who took it away. Just consider who keep your personal data with their respective responsibility to replace it and you'll be fine if shit happen.

8 years ago

Of course encryption is safe. Yes, not every encryption, and not 100% safe, but if whole steam database was stolen and no money was taken - it's kinda proof of the safety of it.
Seems like you know nothing about internet security, because "access to steam database is encrypted" is nonsense. If I tell you "my door encrypted by a dog", it would have as much meaning as the phrase you said.
And I have no idea how money laundering is connected to our discussion and to encryption in particular. And, if you start speaking about it - money laundering is not about preventing tracking, it's about making money seem legal. The term "money laundering" appeared long before electronic payments, and you know - cash is as much anonymous as bitcoins, sometimes even more anonymous)

8 years ago

the money laundering part was because I read "couldn't" instead of "could". sorry about that.
so you do underestimate crackers. I'll leave that behind because it is your belief. :D
but... looks like you know even less about internet security because now a dog will have to encrypt your door with https.

8 years ago*

https protects data transferred between you and the server. If you use https when logging in to some site, it means only that your data can't be intercepted by someone else. Your data is safe while it travels from your PC to the server. But it says nothing about how strong the server protection is or how safe your data is on the servers, or even how safe your data is on your PC. So, the connection between you and Valve is safe, because it's encrypted. Your data is safe on the servers, because it's encrypted too. Even if Valve's servers had some vulnerabilities allowing access to the database, the data was still unreachable to criminals. But data on your PC is not encrypted, and that's the vector of attack hackers use. If you set Steam to autologin, then your login data is stored on your PC, and almost any application can access it. The other unencrypted storage is your brain, so hackers can try to get your login and password by phishing. But if you have Steam Guard on, your login and password are almost useless, unless you use the same password for your mail. As you can see, only the user side is vulnerable, and only the user side has been used so far for stealing Steam accounts.
Let me tell you an analogy:
You have a credit card. You write down its number, put it into a steel box, which is automatically locked when you close it, and send it to Gabe Newell by post. Steel box = encryption of a channel. Then Gabe opens the box with his key, and puts your letter into the vault. So, criminals can steal the steel box you send, but they don't have tools to open it. They can even grab the whole vault from Gabe, but can't open it either. And they can sneak through a window into your house, and steal your card. Or call your phone, say that Gabe sent them, and ask for your credit card number. What do you think is easier, and what would criminals do?
As far as I know, not even a single account has been stolen yet from the server side of Steam. If you have proof that it happened, show me, and I'll recognize that I was wrong.

8 years ago

so now the access is encrypted? very interesting how you explain it but deny at the same time.
you think that criminals who stole your credit card will leave a note when use it: "I got this info on Steam"... like people create credit cards only to put on steam and nowhere else. you do believe that their personal info is only on Steam and nowhere else as well. thankfully criminals always leave a note saying where they got personal data. yeah right...
Sorry bro, I think the proof you want will ever gonna happen.
Gladly, that way, stolen Steam database will ever be decrypted because no criminal so far left a note saying that they got that info on Steam.

8 years ago

so now the access is encrypted? very interesting how you explain it but deny at the same time.

I didn't deny it. Just noticed that you mixed up encryption of data on servers, encryption of the channel and overall security. All of this is connected to each other, but not equivalent.
And why the hell are we talking about credit cards anyway? No one steals Steam accounts to get credit card data. It's impossible (well, unless you know some 0-day vulnerability in Valve, but you know, these kinds of vulnerabilities do not live long). And it's stupid, because money from a credit card is easier to track (yes, I agree, there are ways to prevent tracking, but that's more trouble, and most scammers don't bother with it). Accounts are stolen to get Steam items, sell them, and then withdraw money from Steam (not directly of course, but there are ways to do this. This process is very similar to the money laundering you mentioned above). Also, stolen accounts are being sold too, to get extra money. If you search Google for "buy steam account" you'll be surprised how many accounts are sold, and more important, bought. So don't worry about your credit card data, it's safe.

8 years ago

Wow, that's a lot, sad to read :(

8 years ago

now I got 4 trades on hold and one of them was a level 100+ guy, i asked him if he got the mobile security, but he disabled the trade-confirmation... and you need this for a fluent trade to work :/

8 years ago

yep. but u really don't get email confirmations if the mobile authenticator is enabled, so i don't see the point of why volvo is forcing the option when it doesn't do a thing

8 years ago

they want our mobile phones~~ (information is money/power in this world)

8 years ago

when you use mobile security, you will get the trade-confirmation on the steam app on your mobile

and you have to enable it for no waiting time

8 years ago

And that level 100+ person would be me. Either way, sorry for wasting your time. I took myself off STM because honestly this makes trading to help people complete sets more time consuming than it's worth.

8 years ago

yes it was you, and it's not a waste of time, just enable the trade-confirmation and the trades will go faster :)

8 years ago

Yeah, and if you trade via the website they don't tell you. Only when you do through the client.

I changed my contact email on Steam because I wasn't getting the confirmation emails. Only found out about the in-app confirmations after I got trade-locked for a week... for changing my email.

8 years ago

77,000 Steam accounts are hijacked every month, but 70 000 Steam accounts are from the same people as last month :D
really can't understand how somebody can lose a steam account

8 years ago

really can't understand how somebody can lose a steam account

Oh, it's easy. If someone asks you to download and start an .exe (or maybe .scr) file, just do what they tell you, and your account will surely be lost)))

8 years ago

i often get those links, i even click on those links to be sure which file they contain, but my browser always asks before downloading, so i never download it if i see a file random_name.scr (every month at least 1 message like "hahaha, is that you?! and some shit link" and a lot more)

8 years ago

i never download it,

That's what you're doing wrong! XD

8 years ago
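
The comments above describe chat links that end in .png but offer a .scr or .exe file to save. As an added example (not code from this thread or from Steam), the check below compares the link's extension, the saved file name and the file's first bytes; the function names, extension lists and sample values are assumptions constructed for illustration.

```python
from posixpath import splitext
from urllib.parse import urlsplit

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # every real PNG starts with these 8 bytes
PE_MAGIC = b"MZ"                   # Windows executables (.exe, .scr) start with MZ
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def sniff_type(head: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if head.startswith(PNG_MAGIC):
        return "png"
    if head.startswith(PE_MAGIC):
        return "windows-executable"
    return "unknown"


def assess_download(link: str, saved_name: str, head: bytes) -> list[str]:
    """Return reasons to refuse the download; an empty list means no red flag.

    link is the URL as shown in the chat message, saved_name is the name the
    browser offers to save, head is the first bytes of the content.
    """
    reasons = []
    link_ext = splitext(urlsplit(link).path)[1].lower()
    name_ext = splitext(saved_name)[1].lower()
    kind = sniff_type(head)
    if name_ext in EXECUTABLE_EXTS:
        reasons.append(f"saved file has executable extension {name_ext}")
    if link_ext in IMAGE_EXTS and name_ext != link_ext:
        reasons.append(f"link ends in {link_ext} but file saves as {name_ext or '(none)'}")
    if kind == "windows-executable":
        reasons.append("content starts with an MZ header (Windows executable)")
    if name_ext == ".png" and kind != "png":
        reasons.append("file is named .png but does not start with the PNG signature")
    return reasons


# Constructed samples: (link as shown, name offered by the browser, first bytes).
SAMPLES = [
    ("http://example.invalid/screenshot.png", "random_name.scr", b"MZ\x90\x00"),
    ("http://example.invalid/screenshot.png", "screenshot.png", PNG_MAGIC + b"\x00\x00\x00\rIHDR"),
    ("http://example.invalid/photo.png", "photo.png", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for link, name, head in SAMPLES:
        print(name, "->", assess_download(link, name, head) or "no red flag")
```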

I just wonder how come people let that happen and keep it that way... Never heard of someone who did go to the police, then to justice.
Any security matter is Steam's problem, not the users'. They hold their technology to keep the info in their database, not users. That way, they have full responsibility to provide enough security to keep the content under the user's/Steam's power. You don't have to fear like "omg, the world is so bad". If you got hijacked, just go to the police, then to justice to revert any changes. The Internet is not a no man's land.
If any info of yours was leaked unintentionally, they have full responsibility because they hold the technology to secure that info.
That said, if someone, for any instance, hijacks your account, it is Steam's full responsibility to revert any unauthorized changes.

8 years ago*

oO

8 years ago

wo..

8 years ago

Deleted

This comment was deleted 3 years ago.

8 years ago

Do some math with ~125 million accounts (where more than half is not active) and 77.000 each month and 2-3 years
think for a moment and then .....STFU GABEN!!

8 years ago

77k is nothing compared to the total steam accounts.
valve keeps claiming they get hacked but i'm leaning towards thinking these people just click everything that is sent to them...

well, i hope i never find out if i can be really hacked. :3

8 years ago

77,000 children that should not be playing pc games every year is what that should say

8 years ago