Thwarted. Maybe. Temporarily.

Kinja'd!!! "Full of the sound of the Gran Fury, signifying nothing." (granfury)
07/15/2019 at 09:50 • Filed to: None

Kinja'd!!!0 Kinja'd!!! 15
Kinja'd!!!

According to Stream, someone in Nigeria attempted to access my account last night with the correct username and password. Crap. I’m not sure how the scammers got that information, but now everything is in question - any other accounts that may use the same password (yeah, I know, I know...) as well as the integrity of my systems. It’s going to take a while before I feel confident to do much of anything online, and this right after I hooked up my lighting, thermostat, DVR etc. for outside access.

Everybody and everything is now suspect...


DISCUSSION (15)


Kinja'd!!! facw > Full of the sound of the Gran Fury, signifying nothing.
07/15/2019 at 10:09

Kinja'd!!!1

Oof, time to change the passwords for everything that uses that password (or a similar password), at least banking, email, and stores . And before that, yeah maybe run malwarebytes in addition to whatever you normally use. And definitely sign up for two factor authentication with Steam (and probably anything else that supports it).


Kinja'd!!! Not a Sunburst Miata > Full of the sound of the Gran Fury, signifying nothing.
07/15/2019 at 10:10

Kinja'd!!!3

do you use the same password on your steam account as any other account?

attackers often use a method called password spraying , where they take emails and password combinations from other breaches and try them on unrelated sites. Most people use the same password for multiple accounts, so this method works pretty well.

Use a password manager like LastPass, and generate a unique password for each account you have.

Some of my blogs on the topic

https://securitymoe.com/2018/04/i-found-83-of-my-contacts-passwords-in-a-data-dump/

https://securitymoe.com/2017/10/the-dos-and-donts-of-passwords-and-why-you-should-be-using-a-password-manager/


Kinja'd!!! random001 > Full of the sound of the Gran Fury, signifying nothing.
07/15/2019 at 10:11

Kinja'd!!!1

Get a lastpass account, auto generate and auto change passwords when you can.


Kinja'd!!! RallyDarkstrike - Fan of 2-cyl FIATs, Eastern Bloc & Kei cars > Full of the sound of the Gran Fury, signifying nothing.
07/15/2019 at 10:15

Kinja'd!!!1

Just start changing all your passwords, and run a malware scan on your PC with Malwarebytes Free and the HitManPro trial , see if they find anything and they can remove it.

More importantly though, change your passwords.


Kinja'd!!! TheTurbochargedSquirrel > Full of the sound of the Gran Fury, signifying nothing.
07/15/2019 at 10:20

Kinja'd!!!2

Double check that the email actually came from Steam before you go too crazy. It's super common for scammers to send fake emails saying someone has accessed your account in the hopes that they can get you to put your password into a fake password change screen.


Kinja'd!!! TheBloody, Oppositelock lives on in our shitposts. > Full of the sound of the Gran Fury, signifying nothing.
07/15/2019 at 10:25

Kinja'd!!!1

I addition to getting a program like lastpass or 1password, enable two factor authentication on EVERYTHING POSSIBLE. I’ve also gone so far as to have T-Mobile require sim card changes on my account to be done in person at a store with valid drivers license because I use my phone as my two factor auth key (google authenticator, text message ect...) .


Kinja'd!!! punkgoose17 > Full of the sound of the Gran Fury, signifying nothing.
07/15/2019 at 10:29

Kinja'd!!!1

This is why I don’t save my payment information anywhere, just in case.


Kinja'd!!! Full of the sound of the Gran Fury, signifying nothing. > TheTurbochargedSquirrel
07/15/2019 at 10:31

Kinja'd!!!0

That was the first thing I checked as I've seen dozens of attempts, but it was right after I woke up and was still a little fuzzy. I'll double check that shortly.


Kinja'd!!! facw > punkgoose17
07/15/2019 at 10:36

Kinja'd!!!2

Not saving your payment info can actually put you more at risk. It means that you have to enter it each time, increasing the chance that someone can snag it when you do so. So instead of being able to order stuff from one place on your account, they can order from anywhere.


Kinja'd!!! Full of the sound of the Gran Fury, signifying nothing. > Not a Sunburst Miata
07/15/2019 at 10:37

Kinja'd!!!0

I do use a password manager, but do have some duplicates, although the passwords for anything financial are definitely different than other common accounts. I figured that this was a probably part of a spraying attack but will still go around and change everything, everywhere.

I did spend a few years during my IT career in security, but it was such a depressing part, with success meaning that nobody notices what you’ve done and the absolute best you can do is to  rise all the way up to -zero-.


Kinja'd!!! TheTurbochargedSquirrel > Full of the sound of the Gran Fury, signifying nothing.
07/15/2019 at 10:41

Kinja'd!!!1

Check that the sending address is correct and doesn't have any typos and then hover over all the links in the message to make sure they actually go to steam and aren't shortened or redirecting. Even if they look legit change your password by going through steam, not through the links in the email.


Kinja'd!!! Not a Sunburst Miata > Full of the sound of the Gran Fury, signifying nothing.
07/15/2019 at 10:50

Kinja'd!!!1

I’m on the offensive side of security, so its not as thankless as the defensive side. We get praised when we find failures of the blue team. 


Kinja'd!!! Akio Ohtori - RIP Oppo > Full of the sound of the Gran Fury, signifying nothing.
07/15/2019 at 10:55

Kinja'd!!!1

You might check “Have I been Pwned” which will tell you which breaches your email address comes up in.

https://haveibeenpwned.com/


Kinja'd!!! jimz > Full of the sound of the Gran Fury, signifying nothing.
07/15/2019 at 11:11

Kinja'd!!!0

also wise to enable Steam Guard two-factor authentication. 


Kinja'd!!! Full of the sound of the Gran Fury, signifying nothing. > jimz
07/15/2019 at 11:13

Kinja'd!!!0

I do have that enabled, and that’s what alerted me to this situation.