Oh hai! I got those!
This scares me… i dont wanna get hacked!
It’s kinda funny how my college is so adamant about account security, even forcing us to change our account passwords every 3 months. And yet there is one huge freaking vulnerability;
People are expected to enter their password into as many as 15 different-looking sites at RIT.
The worst part? People can create their own sites on the RIT network. So for instance, if I use my Website Design class’ webspace to make a site at people.rit.edu/myname/authrequired and say “Enter your RIT username and password” honestly no one would think twice. It’s really dumb.
I actually have to admit I did once fall for a “steamtournament.ca” address and entered my password; but about a second later, I realized my horrible mistake, immediately changed my password and never looked back on the old one.
Honestly, with around 175 games in my account, I really think Steam should be thinking about verification that goes beyond a simple password.
^lol my college does it every four months, but i always end up forgetting the one i chage it to, then having to call to get it reset to the default password. i think i’ve had to do that like three times now.
i got jacked once. funny thing was he didn’t steal any of my unredeemed gifts. don’t accept and friend or even sometimes group invites, and don’t click on any links from people you don’t trust. even if they are your legit friend, still be careful. and never log in if someone links you the steam homepage.
the email verification should make it tons harder to hijack the account. If you folks have not already done this I suggest you do it. It was only made available just late last year.
See, another thing I really think they need to look into is the CCV code for credit cards. Basically, even when it remembers account information, at LEAST ask for that so they know that your card is physically there.
Otherwise, someone stealing the account could load up 15 games from the store, and gift them to another account.
yup! And then those folks could possibly risk losing the whole account on the basis of fraud.
Maybe, but you don’t get the money back I think, and they could gift it to random people. Perhaps in exchange for a legitimately bought game? Just pretend they didn’t mean to buy it or something.
Those people would get their accounts banned, and the person who did it would get off with a bunch of free games.
Anyway, I agree that you should have to have the card present, even if it’s simply so you don’t accidently buy something with the wrong card. I’ve done that before. 
I have seen two scenarios happen on the steam forums:
-
Schmuck steals a card from his friend or where ever and purchases a bunch of games on a disposable steam account, and then ‘gifts’ them to people that pay him on the side at a discount rate. Those folks go get their ‘gift’ and attach it to their longstanding account. A month later the card had been reported stolen and all the original purchases are reversed. The chargeback causes the ‘gift’ game to be revoked.
-
All the above accept in some cases, I have seen this also get the whole account disabled.
(VAC is actually something else entirely and deals only with cheating infractions.)
This is why you should always be careful accepting gifts; Steam has the right to disable your WHOLE account if something you’ve received was attained illegally. They don’t always do it, but you should assume they will.
I received a fun little message just a few minutes ago. The guy’s joined 70 groups, solely for the reason of messaging people, and has 14 friends, most of which have gibberish names. (presumably alt-accounts)
I think I’ve been spammed by that same guy. :fffuuu: