November 13, 20241 yr I use Steam for MSFS. For MSFS 2024, maybe not. I'm having second thoughts. Steam uses two-factor verification to authenticate users by sending a security code to the user's email. The user has to have access to his email to get the code. My Steam account was accessed without my knowledge and funds were withdrawn from the account. Steam tech support is apparently unwilling or unable to do anything about it. I'm posting here to see if anyone else had the same experience I recently had. Does anyone else have similar concerns as I now have regarding Steam? Hardware: i7-8700k, GTX 1070-ti, 32GB ram, NVMe/SSD drives with lots of free space. Software: latest Windows 10 Pro, P3Dv4.5+, FSX Steam, and lots of addons (100+ mostly Orbx stuff).
November 13, 20241 yr 38 minutes ago, bofhlusr said: Steam uses two-factor verification to authenticate users by sending a security code to the user's email. The user has to have access to his email to get the code. My Steam account was accessed without my knowledge and funds were withdrawn from the account. Sorry for your woes - never has happened to me. So you're saying your email account was hacked too? How would "they" be able to access your Steam account otherwise? Personally, I never keep any funds in the account just for this very reason. Regards, Kendall 7800X3D/G.B. Aorus 650 Elite V2.0/32GB GSkill Trident 6000-CL30/Nvidia 1080 Ti./Seasonic Focus 1200W PSU.
November 13, 20241 yr Sorry to hear that. Unfortunately, two-factor authentication via mail is not as secure as most other kinds of two-factor authentication. All they need to do is to hack your mail. For the future, I'd suggest the two-factor authentication via app, which is more secure. Editor-in-Chief at SimulationDaily.com
November 13, 20241 yr Author 3 hours ago, irocx said: Sorry for your woes - never has happened to me. So you're saying your email account was hacked too? How would "they" be able to access your Steam account otherwise? Personally, I never keep any funds in the account just for this very reason. Good question. My question too. Below is the reply from the 1st ticket I received from Steam Tech Support. They're saying I was scammed. What?? I wouldn't call it a scam. It's theft. Would you call a burglar a scammer? No. Burglary is theft. Steam closed the ticket. I followed up with a second help request explaining my concern about two factor verification. They closed that ticket too. For those not familiar with two factor verification: "Two-factor authentication (2FA) is a security process that requires two different forms of identification to access an account or system. It adds an extra layer of protection beyond just a password. Here’s how it works: 1. Something You Know: This is usually your password or PIN. 2. Something You Have: This could be a smartphone, a hardware token, or a security key that generates a one-time code. When you log in, you first enter your password. Then, you’re prompted to provide the second factor, like a code sent to your phone or generated by an app. This makes it much harder for unauthorized users to gain access, even if they have your password." -Microsoft Hardware: i7-8700k, GTX 1070-ti, 32GB ram, NVMe/SSD drives with lots of free space. Software: latest Windows 10 Pro, P3Dv4.5+, FSX Steam, and lots of addons (100+ mostly Orbx stuff).
November 13, 20241 yr 2 hours ago, bofhlusr said: What?? I wouldn't call it a scam. It's theft. Scam or theft, either way they are crimes. I'd write to steam again informing them that seeing as they won't take responsibility for the lack of security for your funds you will be reporting the case to the police. Look up REPORT ONLINE FRAUD for your location, usually a simple form. I've done it for ebay scams, at least one low life behind bars because of it. Russell Gough SE London
November 13, 20241 yr 5 hours ago, Abriael said: Sorry to hear that. Unfortunately, two-factor authentication via mail is not as secure as most other kinds of two-factor authentication. All they need to do is to hack your mail. For the future, I'd suggest the two-factor authentication via app, which is more secure. Absolutely. I just checked and Steam still only offer authentication via their own mobile app, not common authenticators like Authy or Google. I try to keep the amount of apps installed on my phone to the bare minimum so I'm reluctant to install Steam. FS2024 • PMDG 738, 77F • FSL A321 • A2A Comanche, Aerostar • BS Baron, Bonanza, Caravan Pro • JF Tomahawk • TAOG H500C BeyondATC • GSX Pro • ChasePlane & Flow Pro • TDS GTNXi • FSUIPC • AutoFPS • RealTurb 9800X3D B650E • ROG OC RTX 5090 • 64GB DDR5-6000 • VKB Gladiator, STECS, T-Rudder • Tobii 5 • ISP 1 Gbps
November 13, 20241 yr Author 7 hours ago, sloppysmusic said: Scam or theft, either way they are crimes. I'd write to steam again informing them that seeing as they won't take responsibility for the lack of security for your funds you will be reporting the case to the police. Look up REPORT ONLINE FRAUD for your location, usually a simple form. I've done it for ebay scams, at least one low life behind bars because of it. Nice suggestion. I googled. There are a few hits. The question is which one? Suggestions? I ask because the second looks like a legal solicitation website. The first three: 1. Online Blackmail Help - Digital Forensics Corporation 2. Ask a Fraud Question, Get an Answer ASAP! 3. How to Report Fraud at ReportFraud.ftc.gov | Consumer Advice 7 hours ago, flyingscampi said: I just checked and Steam still only offer authentication via their own mobile app, not common authenticators like Authy or Google. I try to keep the amount of apps installed on my phone to the bare minimum so I'm reluctant to install Steam It's not about the amount. It's access to your email client and other devices that is a concern. I don't use my phone for browsing the web and like you I keep apps installed on my phone to the bare minimum. I generally keep what I install to the absolute minimum on my desktop and phone and that's why I used Steam for MSFS because I already had a Steam account (FSX Steam). I did not want to open an XBox or Marketplace account and yet have another id/password pair to note of and use. Edited November 13, 20241 yr by bofhlusr Hardware: i7-8700k, GTX 1070-ti, 32GB ram, NVMe/SSD drives with lots of free space. Software: latest Windows 10 Pro, P3Dv4.5+, FSX Steam, and lots of addons (100+ mostly Orbx stuff).
November 13, 20241 yr I'm going to state the obvious but your email password and your steam password are different I hope. Email is the key to many things, so it's important that the password for that is different from anything else, same applies for bank accounts. Brian W KPAE
November 13, 20241 yr 10 hours ago, bofhlusr said: Good question. My question too. Below is the reply from the 1st ticket I received from Steam Tech Support. They're saying I was scammed. What?? I wouldn't call it a scam. It's theft. Would you call a burglar a scammer? No. Burglary is theft. Steam closed the ticket. The Steam scam is widespread and has been going on for 5 years. I don't think they hacked your email. Have you logged into Steam recently in your browser? You probably clicked on a phishing link from Discord or your email, and gave them your password without realizing it. If you share passwords... well... you've given them your password everywhere...
November 13, 20241 yr DuckDuckGo is a secure browser. I recommend them. https://duckduckgo.com/ Vic green
November 13, 20241 yr 16 minutes ago, bofhlusr said: The question is which one? Suggestions? Well I need to know which country first, which is personal info lol! it HAS to be a govt official site. Due to state security they have the best tools to crush a scammer as today it's your Steam password tomorrow it's a hospital record system or financial institution. In the USA I used the official FBI one, there's a gov.uk one in the UK too. here's the US govt site: https://www.ic3.gov/ and the UK one. https://reporting.actionfraud.police.uk/login Anything other than an official gov site is a waste of time and potentially a scam itself. Russell Gough SE London
November 13, 20241 yr Author 2 minutes ago, BrianW said: I'm going to state the obvious but your email password and your steam password are different I hope. Email is the key to many things, so it's important that the password for that is different from anything else, same applies for bank accounts. Yes, it is. My email and steam password are different. The thing is, as far as I know I did not receive the 2nd part of the two-factor authentication for the theft. And yet, the thief was still able to access my Steam account. Was my email registered at Steam re-directed using a "man-in-the middle" (google) attack to another email account instead without my knowledge? I'm going to check out the 3rd website (ReportFraud.ftc.gov - Forms). It looks legit ie. https with a .gov domain. Do you use Steam or Marketplace? Are there any pros and cons to using the Marketplace other than having yet another id/pw pair to note? I usually purchase directly from a developer's website and only purchase on the Marketplace when there is an offer I cannot refuse. Hardware: i7-8700k, GTX 1070-ti, 32GB ram, NVMe/SSD drives with lots of free space. Software: latest Windows 10 Pro, P3Dv4.5+, FSX Steam, and lots of addons (100+ mostly Orbx stuff).
November 13, 20241 yr Author 13 minutes ago, mspencer said: The Steam scam is widespread and has been going on for 5 years. I don't think they hacked your email. Have you logged into Steam recently in your browser? You probably clicked on a phishing link from Discord or your email, and gave them your password without realizing it. If you share passwords... well... you've given them your password everywhere... Thank you. The Steam scam is news to me. How does that work? That's what Steam told me too. That I was scammed. But doesn't a scam involve participation on my part? Steam said the proceeds of the theft were used to purchase something in another game, a game which I never heard of or have any interest in. In this incident I didn't do anything other than use the account for MSFS and another game (WARNO, by the way, which I would highly recommend for its graphics and as real-as-it-gets physics - and coincidentally, by French devs too - Eugen Systems). Hardware: i7-8700k, GTX 1070-ti, 32GB ram, NVMe/SSD drives with lots of free space. Software: latest Windows 10 Pro, P3Dv4.5+, FSX Steam, and lots of addons (100+ mostly Orbx stuff).
November 13, 20241 yr Author 23 minutes ago, Patco Lch said: DuckDuckGo is a secure browser. I recommend them. https://duckduckgo.com/ Thank you. I did. I used duckduckgo for a year. Then I gave up. About 2 years ago? It broke my bookmarks after every Duckduckgo update. Very frustrating. Has it changed? Edited November 13, 20241 yr by bofhlusr Hardware: i7-8700k, GTX 1070-ti, 32GB ram, NVMe/SSD drives with lots of free space. Software: latest Windows 10 Pro, P3Dv4.5+, FSX Steam, and lots of addons (100+ mostly Orbx stuff).
November 13, 20241 yr 9 minutes ago, bofhlusr said: The thing is, as far as I know I did not receive the 2nd part of the two-factor authentication for the theft. And yet, the thief was still able to access my Steam account. Run a full malware scan on your system. If you clicked on a phishing link and your browser was logged into Steam, malware can steal the 2fa cookies from your machine and allow others to log into your account without needing 2fa. Whenever you have a compromise like this, it is important to change passwords. You should change your email password along with the Steam password that you already changed. Consider a password manager such as 1Password or Bitwarden, which can also store 2fa codes. Unfortunately, in the case of Steam, you need to use their mobile app in order to use 2fa securely (email and sms 2fa are better than nothing but not as secure as app-based tokens). You can find some more info on common Steam scams here: https://steamcommunity.com/discussions/forum/1/4041481833171822554/
Create an account or sign in to comment