Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Steam account keeps getting accessed


  • Please log in to reply
6 replies to this topic

#1 Cibot

Cibot

  • Members
  • 12 posts
  • OFFLINE
  •  

Posted 31 January 2018 - 03:12 PM

Hello,

 

recently someone has been trying to access my Steam account from somewhere in the world, always switching the location (prob. vpn). I've a pretty secure password everywhere and most are different and / or have 2FA. Now I've used Kaspersky, Windows Defender and Malwarebytes to scan my pc (Windows 10) and nothing was found. Could I somehow track anomalys in my system / determine which application is causing ONLY my steam password to leak? Literally nothing else I know of has been accessed which makes no sense as Paypal and my Bank account would be alot more valuable. I also tried changing the password to something really ridiculous and my account still got accessed the next day. (28 Digits including $4_aA- basically pretty obscure)  So no way they got lucky and brute forced 3 times. (a guy was trying to tell me that my password would easily be bruteforced in less than 30 hours, I used "$uCkM41B4ll$pl34Z3!!!" as an example, as my password was similarly complex) My guess is that I somehow got malicious software that is somehow abusing a .dll that the client login window uses. I've tried changing the password on a seperate device and my network is private, meaning there are no people in this household that could somehow monitor the network and syphon out the password, which shouldn't be possible in the first place but just so you know. The steam emails are also valid, they come from the genuine steam support email, I've verified it multiple times. 

 

Hope you can help me out as I don't want to reinstall my windows and want to learn a little about this topic. 

 

Best regards



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,501 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:47 PM

Posted 01 February 2018 - 07:47 AM

Welcome to BC....

 

Trying to access is not the same as actually accessing your Steam account.

 

Try getting a new email account and then changing the email account in Steam that is used to notify you.

 

You probably can't change the name of the Steam account but if you can I suggest you change it to something

difficult to guess.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Cibot

Cibot
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  

Posted 01 February 2018 - 08:39 AM

I tried a bit around but you ONLY get that notification when someone actually types in the correct password + account name information. 

You also don't get a notification if someone types in your previous password, so there must be some time of keylogger only for the Steam Login Window.

It should not have anything to do with email in this case. 

 

Is there some way to monitor what happens when I type into the Steam login Window? I'll try seeing with wireshark if and when it's actually being sent but I'm not sure I'll find something useful. 


Edited by Cibot, 01 February 2018 - 09:09 AM.


#4 buddy215

buddy215

  • Moderator
  • 13,501 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:47 PM

Posted 01 February 2018 - 09:02 AM

If there was a keylogger on your computer then I would think it would be more interested in your financial info than Steam.

Malware exists to profit...to steal.

 

You can get a more thorough look into your computer by starting a new topic in the malware removal forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 Cibot

Cibot
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  

Posted 01 February 2018 - 10:01 AM

As I said, so far it has only been my Steam account that has been accessed. This has been going on since 22.12.2017, so I think I'd already have gotten some activity on my other accounts. - All relevant accounts are secured by 2FA so there shouldn't be any need to worry.  As I said I'll try out some network analyzing programs and maybe I'll find something, in the meantime I'll post the logs in a seperate thread, although I did not find anything malicious, I hope you guys do. 

 

Thanks for the help. 



#6 Alunny

Alunny

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:47 AM

Posted 03 February 2018 - 02:18 PM

Sorry just wanted to chime in here, if the hacker is running some sort of steam scam then the other info might not be what they are after.

 

Cibot do you have Steam Guard on your account? That might help....but them guessing your password is pretty bleepty. 



#7 Cibot

Cibot
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  

Posted 03 February 2018 - 02:35 PM

Yes, I have steam guard. There is basically no risk right now. Atleast no obvious one, they might be getting all my passwords or generally getting alot of info, but all I know, is that they're only getting my steam credentials. Since I have 2FA on every important account on my computer, there shouldn't be a risk. Nevertheless, I want to sniff out the malicious software and maybe learn in the process on how to find it by myself in the future. 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users