(Closed) Steam Logged In From UKRAINE!?

94 Comments - Created by vcvc8 1 year ago

I have no idea what happened...

First some guy added me to trade a "card" (ignored him) and told me to add his other account (he has at least 4 accounts). Next thing I know, I'm logged out of Steam and it says I was logged in from Ukraine and that the person entered Steamguard correctly. But my eMail account associated with Steam says the last logged in countries are only Israel (I'm from Israel, so nothing suspicious about that).

Of course I changed passwords for both my Steam and my eMail, but what the fuck just happened? And maybe this could've turned out much worse if I hadn't been awake at 4:45 AM!?

Is my account vulnerable to further "damage" now!?

P.S. MY WHOLE INVENTORY IS FUCKING GONE.

I realized this might be due to phishing.

P.S.S. Luckily I have all information about said guy including his phishing link, the profile to which he sent all my stuff... I just need to know how I can find out his IP? (Also, this is just in time for my birthday and he stole the stuff I meant to give away on it -__-)


Some people say this is obviously missing information.

Well, at first I wrote this post before I discovered I really was hacked and my inventory was gone, and I got more and more information after this post was opened.

I will now gladly tell you what happened, as copied from my much more informed S.Trades warning.

@#% added me and told me to add his main account. That was actually a phishing link to a fake Steam page. His supposed real account's name is $$$!$$% and if you search on Steam you will only find 2 accounts sharing that link. Well, it's pretty late at night (5 AM and I was about to go to sleep just the moment he asked me to trade) so I entered the link and logged in, somehow he got through Steamguard (he did not enter my eMail, because my eMail account says it was only accessed from Israel, and as some guy suggested he did not keylog me or something because I only changed passwords about 10-20 minutes when I finally realized what happened, and I did not turn off Steamguard because that's a stupid thing to do) and a second later I have no inventory items except for 3 emoticons and all my unvaluable TF2 items.

I currently have all information about him including his profile link, his fake phishing link, a list of all my items stolen + a picture of the list to make sure. All of this wouldn't have been possible if he hadn't forgotten to freaking block me (I think he's still in my friends list).

Camron (1 year ago)

Turn on Two-factor authentication for your email if it has it. Open a Steam support ticket too.

No, the thing that's confusing me is that no one else accessed my eMail!

vcvc8

(1 year ago)

FrozenBlade (1 year ago)

wow.. sorry to hear about that.
do you still have access to your account? if so, check gift / trade history to see where your inventory went.

I have access, thanks for the idea!

I now clearly know who the thief is.

vcvc8

(1 year ago*)

ok. report the thief, and try to provide as much proof as possible

FrozenBlade

(1 year ago*)

Just found who he is.

vcvc8

(1 year ago)

Janrok (1 year ago)

Must be just a glitch, wait it out.

Nope, confirmed phishing link.

vcvc8

(1 year ago)

What was the nature of the phishing link? Obviously don't share the exact link, but what did it purport to be? I ask because I had a similar thing happen where someone got onto my Steam account and traded off some of my TF2 items (and oddly bought 2 keys on the marketplace, which I could resell now for a profit, but whatever). Only, I can't recall clicking any phishing links or signing in with my steam information anywhere recently.

uhhsam

(1 year ago)

How can you sell two keys from the marketplace for a profit? Someone must have listed it wrong because market price is 30%+ real trade price.

PPG113

(1 year ago)

think he meant the guy that robbed him left 2 keys behind whose market value is higher than what was taken so uhhsam sold them?

TheGannet

(1 year ago)

He used my steam wallet funds to buy 2 keys for $1.80 a piece on the marketplace. Now they are selling for $2.18, which would give me $1.90 back after Valve takes their cut. They are still in my inventory, though, as I am waiting for a response from support.

uhhsam

(1 year ago)

It looked just like the regular Steam home page but in Russian (which made sense to me because I only use Steam on my browser to see Russian store prices.)

vcvc8

(1 year ago)

nevyn (1 year ago)

Check IPs logged in from.

Where can I see that?

vcvc8

(1 year ago)

Go to your email and there should be an unsuspected activity thing or something from Steam and their IP address should be provided within the email.

Skylarz

(1 year ago)

Nothing like that, sadly :(

vcvc8

(1 year ago)

Aw Idk :( It's quite weird how he didn't have to access your email for Steamguard o.O maybe he knew where you were from and changed his IP xD? Try restoring deleted emails and see if he deleted the Steamguard email

Skylarz

(1 year ago)

How do I restore emails? :)

vcvc8

(1 year ago)

Do you use hotmail :3? I never really use the other messengers, but I think both yahoo and google have them. To restore for hotmail you only need to go to Deleted and somewhere inside or near the Deleted window, a highlighted restore your deleted emails SHOULD be there :3.

Edit: For Outlook/Hotmail

Skylarz

(1 year ago*)

This is all the Steam email will say:

Dear [your email],

We've received a request to access your Steam account from a new computer or web browser. To complete this process, enter the following special access code into the authorization dialog before trying to log in again:

[Authorization code] If you did not attempt this action, please change your password immediately.

Thanks for helping us maintain the security of your account.

The Steam Support Team http://www.steampowered.com

uhhsam

(1 year ago)

GrimAquatic (1 year ago)

I'd advise you to deauthorize all other computers.

FrozenBlade (1 year ago*)

oh.. maybe when he told you to add his other account he provided a link to it, then you had to provide your username and password to login again. that was probably it.

edit: yeah, again. really sorry to hear that, especially with your birthday coming and stuff :/

JooJooFace (1 year ago)

Tell steam support. Maybe they can do something. Hopefully they could restore your inventory.

Well from what I heard about them being lazy shitheads, guess I won't do my birthday giveaways in time.

vcvc8

(1 year ago)

They're neither "lazy" nor "shitheads". The team for millions of players is quite small and needs time to reply. Needless to say when they reply your problems are fixed.

I can't see anyone else helping you here.

wuodland

(1 year ago)

Then Valve is a cheapskate who doesn't want to spend money to hire a few more people so the wait time wouldn't be a few days.

PsyKo

(1 year ago)

I've usually found them to offer unhelpful solutions and be inappropriately snarky.

Osiris11235

(1 year ago)

+1

Oklep

(1 year ago)

I'm not sure if it's fixed but it says that you have 96 items in your inventory before actually seeing it. Which then goes to 0 items (probably because inventory is set to private)

JooJooFace

(1 year ago)

That's including all my game items in TF2... He only took 3 genuines from TF2 but the rest is some Steam gifts I had in my inventory and tons of cards.

vcvc8

(1 year ago)

mangenkyo (1 year ago)

This just happened to me too, I opened that phishing site but didn't log in...

I just reported the guy to steamrep.

TFrank (1 year ago)

That is interesting that with Steamguard enabled he was able to enter your account. Raises a question if there's a way to circumvent Steamguard's authentication out in the wild.

Also, keep your inventory hidden to everyone. Nobody needs to know just exactly what you have on you.

Thanks for the advice :o I should do that too

Skylarz

(1 year ago)

There must be some trick, because a similar thing happened to me a few days ago, and the Steamguard email was found sitting in my deleted items folder. Wasn't deleted by me and even if they had my Steam password somehow, my email password was different.

uhhsam

(1 year ago)

Hrm. Did you check the logged in log for another IP address?

There's the possibility they're also hijacking your PC I guess, but I don't know how easy that is, much less via a phishing link.

TFrank

(1 year ago)

Just means they have both, which probably means you logged in to your email and steam on a compromised PC. Net cafe perhaps?

ACorpse

(1 year ago)

I don't think it is that difficult to circumvent SteamGuard, complicated yes but not impossible.

One way is to grab the cookies used to mark "safe" browser/computer, spoof the target IP, some other technical details, but not much more than this. Another way is to grab the SteamGuard through the phishing page, but that would require the attacker to log in at Steam to trigger an email on the target.

It is possible, probably more complicated than that, but that's the essence.

I never understood some of SteamGuard's behavior, sometimes I got 2 different codes after I tried to log in 2 times in 3 minutes, on the other hand one day I tried to log in 3 times with 5 min between each other and received the same code!

I think his computer was compromised and he was unaware of that!

VictorRdS

(1 year ago)

Aneszej (1 year ago)

Damn man, sorry to hear that :/

Chupong (1 year ago)

Thieves are so wild these days.

Zharwyn (1 year ago)

I'm sorry to hear. I hope it gets fixed and that you get all your stuff back. Hate to see those b*tards get away with things like these.

idolstalker (1 year ago*)

I guess everybody here is scared now...

CombatWars (1 year ago)

Now imagine if the lawsuit against Steam is passed and all games in the library can now be resold/traded. Not only your inventory would've disappeared, but your library too. o.o

My worst fear, realized.

Yeah, okay... I'm afraid to have Steam now. I mean, literally all of the games I actually play are on Steam.

Someone hold me ;_;.

UndeadNecro

(1 year ago)

Well I hope that they would beef up their customer support if that happened.

fubarnocaps

(1 year ago)

Steam Support isn't really that great, to be honest. I have yet to actually encounter the emotionless monster, but there's too many complaints about it.

UndeadNecro

(1 year ago)

I've gotten a few replies like this:


Hello Jason,

We apologize for the delay.

Thank you for taking the time to report this issue.

We are aware of the problem and are investigating the issue further.


This just means that they don't know what happened and it's out of their hands.

CombatWars

(1 year ago*)

They could at least say that, although the ones getting the message already know it.

UndeadNecro

(1 year ago)

While a portion of customers are just fine being told the truth that X company has no recourse or solution due to any number of external factors, a lot more fly off the handle if you even hint that you can't fix their problem.
This is why you often get 12 different canned responses, all giving you no actual information.

PPG113

(1 year ago*)

Yeah, but the ones that fly off the handle probably hate the company anyways.

UndeadNecro

(1 year ago)

Pr0n (1 year ago)

Parts of the story are obviously missing.

Which parts, pr0n?

omnitau

(1 year ago)

Probably ones about clicking some strange links.

PsyKo

(1 year ago)

The part when he admits he clicked on a phishing link, then entered both his username and password.

MrD

(1 year ago)

Probably also the part where he disabled steamguard.

keenguitar

(1 year ago)

Why would I disable Steamguard? I'm not a retard.

vcvc8

(1 year ago)

..

"..that was actually a phishing link to a fake Steam page.. so I entered the link and logged in"

If you're not retarded, why did you do this? He got your username and password like this, and probably a copy of your local cookie made by Steam to get past Steamguard (as in, never be asked for a code, at all).

Ansatsunin

(1 year ago)

xboxer (1 year ago)

You must have clicked on a FREE GAMES link.

I wrote exactly what happened up there.

vcvc8

(1 year ago)

ashkael (1 year ago)

If you pressed phishing link it's your fault and you got what you deserve. Nothing more to say.

Yes, it was unwise of him to visit a phishing site. However,

"The other premise is that people who are fooled are gullible. We've heard from lots of people. That's not true. Anybody can be fooled. No matter how smart you are, no matter how much you know, there is always somebody out there who could know more than you and can exploit that knowledge to fool you in some way. I wouldn't blame the victim. That's the allure, the trap, to blame the victim."

―Steven Novella

That's something I very much agree with.

falsifiable

(1 year ago)

It's not about who is smarter. It's about who is not smart enough to know that this is wrong and it's phishing. If scammer/hacker/phisher takes your account without your actions involved, then it sucks and nothing you can do. But if your actions were there to help him, then it's your fault.

I can't even think of one way he could trick someone to press some stupid link and login there with your steam account.

ashkael

(1 year ago)

So if I trick you into giving me everything you own, you admit that you have no problem with that because "you got what you deserve"?

PPG113

(1 year ago)

No one says there's no problem. It's just it's his own problem and he got what he deserves. Next time he will try to use brains at least one time. He is lucky that it was steam account, not bank account.

ashkael

(1 year ago)

i think thats a challenge...give him what he deserves ppg113

drb00t

(1 year ago)

xXGatumadreXx (1 year ago*)

Dudeee, that must be so fking horrible, I can't imagine my reaction if i get Hijacked like that, i think im going to start taking more precautions with my account.
PS. Sorry about your loss :(

Devil231 (1 year ago)

i hate to tell you this but if you don't check the address of the page you enter your details on, you deserve your fate

HillaryClinton (1 year ago)

Man, that hurts, that's why I don't add randoms, not worth the risk.

MatoMatico (1 year ago)

Your inventory has a trade history. You can see what account took your items. Are you sure you didn't click a link, which looked just like steam login page? They do that often. I always double check that it has https in the address. If not, I know it's a scam and type something inappropriate to name and password and then it asks for the steam guard! xD The hacker must be dendi...

I would've checked but it was 5:00 AM :O

vcvc8

(1 year ago)

Doppleganger (1 year ago)

If you don't already... use different passwords for your e-mail account vs. other things (i.e. Steam). have Steam send the notification e-mails to a separate e-mail, not the one you login to Steam with.

+1 this is what I do

Ruaben

(1 year ago)

zeroxxx (1 year ago)

Phishing link. Not even GAben can help you because of your own mistake and ignorance.

^^ This. And the stupidity...

Rapid

(1 year ago)

Juzza (1 year ago*)

Looks like when he passed you that "link", it was a false steam link where you entered your password or maybe some trojan that stole both your steam + email info when you changed it while in panic (they record your typing), if you had only changed your steam password maybe he would not get his hands on both so soon.

I'm sorry about what happened, also try to clean your PC as fast as you can with updated antiviruses/spyware detection software (even with trials it works).

justila (1 year ago)

Yep, you clicked a phishing link. Gotta be careful with those yo.

Nixxi (1 year ago)

Be careful next time bud.

hustlayo (1 year ago)

That sucks but you should have never clicked any link from him. Why would you do that?

BTW: How to check from what countries there was a log in to Steam?

It just said my account has been accessed from Ukraine...

vcvc8

(1 year ago)

I thought there was a place in Steam where you could check the country from which someone logged in.

hustlayo

(1 year ago)

bliNkAAzz (1 year ago)

Yeah...successful troll is successful.

Are you fucking serious?

Add me and I'll show you the evidence.

vcvc8

(1 year ago)

I looked at your Steam Profile 5 hours ago and it said that you currently have 132 items in your inventory, but now only 102..

bliNkAAzz

(1 year ago)

"vcvc8 currently has 0 items in their inventory."

Pr0n

(1 year ago)

Only means the inventory is set on private.

edit : just changed my inventory parameters for demonstration purposes. I do have items, gifts, cards, backgrounds and shit and yet, you'll have that message. Just look at his profiles, it says 102 items indeed.

DavidSarif

(1 year ago*)

Yeah..but people are dumb to believe all shit on SG...

bliNkAAzz

(1 year ago)

It used to say "Private" when you did that, didn't know that was changed.

Pr0n

(1 year ago*)

Vassay (1 year ago)

Sorry to hear this, I hope the guy gets punished and you get your items back.

He didn't need to check your mail, because you entered your login, password AND SteamGuard code right there at his phishing page.

Good luck man, and please don't hold it against the Ukraine. We're not all like this here, I swear ;)

arnab21 (1 year ago)

I feel sorry for you bro . happy b'day in advance :)

ZnSstr (1 year ago)

keylogger?

Yolobear (1 year ago)

Good phishing technique. When u entered ur username and pass the hacker must have entered it onto the real steam page immediately after so that u get the email for the hacker's PC. This means that u entered the steamguard code that u got from ur email for hacker's pc.

InJ3cTiOn (1 year ago*)

Your inventory is gone: Inventory - 103.

That's a nice culstorybro.

I meant Steam inventory... Now I have TF2 weapons and crates and a few cards I got since the hacking happened.

vcvc8

(1 year ago)

fubarnocaps (1 year ago)

Woah, the same thing almost happened to me! Someone messaged me asking to add them on their main account, but there was a misspelling in the link so I just blocked them. That's horrible, I feel bad for you.
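An added example, not part of the original thread: several replies above advise checking the address of the login page, and one mentions a misspelled link. The sketch below classifies a login link by its exact host instead of by "it has https", which a fake page can have too. The trusted-host list, function names and sample links are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only hosts accepted as genuine Steam sign-in pages.
TRUSTED_HOSTS = {"steamcommunity.com", "steampowered.com",
                 "store.steampowered.com", "help.steampowered.com"}
BRAND_LABELS = ("steamcommunity", "steampowered")

# Constructed sample links (reserved .example names, not real sites).
SAMPLE_LINKS = [
    "https://steamcommunity.com/id/someprofile",
    "https://steamcommunlty.example/login",          # one letter swapped
    "https://steamcommunity.com.login.example/",     # real name used as a subdomain
    "https://steamcommunity.com@login.example/",     # real name placed before "@"
    "http://steampowered.com/login",                 # right host, no TLS
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_login_link(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'untrusted' for a link to a login page."""
    parts = urlsplit(url)
    # .hostname ignores any "user@" prefix and the port, so only the real host is judged.
    host = (parts.hostname or "").lower().rstrip(".")
    if host in TRUSTED_HOSTS:
        # Exact host match still needs HTTPS before credentials are typed.
        return "trusted" if parts.scheme == "https" else "untrusted"
    for label in host.split("."):
        for brand in BRAND_LABELS:
            # Same label on a foreign host, or a near-miss spelling of it.
            if edit_distance(label, brand) <= 2:
                return "lookalike"
    return "untrusted"


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_login_link(link):10} {link}")
```

Only the first sample link comes back as trusted; every other verdict means the credentials and the Steam Guard code should not be typed into that page.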

This topic is now closed.