Phishing website taken down!

Earlier, I informed you guys about a huge scam that was going around Steam chat messages, telling you about a website where you could get free games

I did a considerable amount of research, and was able to find out the hosting company of this phishing website.

These hackers were able to change the passwords and e-mailaddresses of hijacked accounts. To change the password or e-mailaddress of an account, you NEED a confirmation code that is sent to you by e-mail.

***ZAP***

because this hacker was able to crack the confirmation codes for changing the accounts' e-mailaddresses and passwords.

[scotland372]

Quote:

Originally Posted by DashBerlin

Earlier, I informed you guys about a huge scam that was going around Steam chat messages, telling you about a website where you could get free games).

You would be better off just reporting the site to the mods. These scams go around every single day.

Quote:

Originally Posted by DashBerlin

I did a considerable amount of research, and was able to find out the hosting company of this phishing website.

Considerable? It's not that hard to find out the hosting company.

Quote:

Originally Posted by DashBerlin

because this hacker was able to crack the confirmation codes for changing the accounts' e-mailaddresses and passwords.

Sounds like bull♥♥♥♥ to me. Unless you have proof?


Or you could just read the support pages about not being a total internet tool.

[milkweg]

And to think I recently received a reprimand on my forum account because I pointed out that this whole email confirmation method is not secure and is a PITA to the Steam customer. Retribution! Those who flamed me can send an apology via PM.

[Tacograndex]

Quote:

Originally Posted by scotland372

You would be better off just reporting the site to the mods. These scams go around every single day.



Considerable? It's not that hard to find out the hosting company.



Sounds like bull♥♥♥♥ to me. Unless you have proof?



Or you could just read the support pages about not being a total internet tool.

You know the guy does one good deed and you go off pmsing. All I want to know is who jarateed in your bowl of cereal this morning?

Friends if mine that got hacked, have a DIFFERENT password for their e-mailaddress. There is no way these hackers could have gotten into their e-mailaccounts. So yeah: they found a way to crack the confirmation code. If you had read my blog, you would have understood, so please... read before you say something useless.

And yes: it took me a lot of effort before I got to the right guy (Network Security Administrator). I took all this effort without being a victim of this scam myself. A little "thank you" would be nice, pfff.

Also, I have an update for you guys: the hosting company can't provide us with personal data of the bad guy, unless you send them a subpoena.


US Citizens can easily file a complaint and get their court to write a subpoena. So, if you want a fee and you want this guy to go to prison, go to court! The hosting company has the data on this hacker.

[scotland372]

Quote:

Originally Posted by Tacograndex

You know the guy does one good deed and you go off pmsing. All I want to know is who jarateed in your bowl of cereal this morning?

Plenty of people (including me) report these scam sites every day. They don't come on here and try to be some sort of hero.

[Tacograndex]

Quote:

Originally Posted by scotland372

Plenty of people (including me) report these scam sites every day. They don't come on here and try to be some sort of hero.

Thats all well fine and good but I don't see any of the sites you reported taken down how about you stop being an internet thug and give the guy a pat on the back.

[scotland372]

Quote:

Originally Posted by DashBerlin

These hackers were able to change the passwords and e-mailaddresses of hijacked accounts. To change the password or e-mailaddress of an account, you NEED a confirmation code that is sent to you by e-mail.

Only if the account has been verified.

Quote:

Originally Posted by DashBerlin

Friends if mine that got hacked, have a DIFFERENT password for their e-mailaddress. There is no way these hackers could have gotten into their e-mailaccounts. So yeah: they found a way to crack the confirmation code. If you had read my blog, you would have understood, so please... read before you say something useless.

You just assume the code has been cracked, you don't actually have any proof for it. Your blog provides no evidence of a cracked code, apart from saying that the steam account password is different from the email account password.

Quote:

Originally Posted by DashBerlin

And yes: it took me a lot of effort before I got to the right guy (Network Security Administrator). I took all this effort without being a victim of this scam myself. A little "thank you" would be nice, pfff.

Well you could've reported it to Steam support and they would've done all this hard work for you.

Quote:

Originally Posted by DashBerlin

Also, I have an update for you guys: the hosting company can't provide us with personal data of the bad guy, unles you send them a subpoena.

lol, you actually thought they were just going to give out the guy's personal data?

[scotland372]

Quote:

Originally Posted by Tacograndex

Thats all well fine and good but I don't see any of the sites you reported taken down how about you stop being an internet thug and give the guy a pat on the back.

I don't post the sites I've reported since it's against the forum rules to post scam sites....

"internet thug" was funny though.

Quote:

Originally Posted by Tacograndex

Thats all well fine and good but I don't see any of the sites you reported taken down how about you stop being an internet thug and give the guy a pat on the back.

Thanks Tacograndex.
My goal wasn't to be some kind of hero. I received the message "OMG! Free steam games on this website >>> <<< CLICK NOW" 3 times already. Three of my friends got Hijacked, and weren't able to reset their password or e-mailaddress.

My only goal was to keep you guys informed, because there is nothing on the Interwebs about this scam. Nothing at all! Some 14y/o would made this website (telling from his source-code) and thinks he can get away with stealing accounts (worth thousands and thousands of dollars).

Now, scotland372: show some respect for the effort I put in this, or go spam your useless messages on another topic. Thanks.

[Tacograndex]

Quote:

Originally Posted by scotland372

I don't post the sites I've reported since it's against the forum rules to post scam sites....

"internet thug" was funny though.

And at the same time I bet 80%+ are still up and operating after being reported. Lay off the kid I know you are probably 12 years old and are angry the easter bunny didn't get you an Ipad but just chillax internet troll.

Quote:

Originally Posted by scotland372

Only if the account has been verified. You just assume the code has been cracked, you don't actually have any proof for it. Your blog provides no evidence of a cracked code, apart from saying that the steam account password is different from the email account password.

Whatever the reason may be, it is STILL a huge security bug that someone can change the password AND e-mailaddress without needing some kind of confirmation. I'm not a Steam security expert, all I'm saying is that this can't be right.

Would you be so kind as to stop spamming the topic? Because you're not helping anyone. Thanks.

Quote:

Originally Posted by scotland372

Well you could've reported it to Steam support and they would've done all this hard work for you.

Your trust in Steam Support is unbounded, mine isn't.

Quote:

Originally Posted by scotland372

lol, you actually thought they were just going to give out the guy's personal data?

If you knew anything, at all, about international cyber crime law, you would be smarter than posting such a stupid comment. They can easily be forced to open up their customers data.

Fact remains: I had this website taken down, and I informed the people that were harmed by this scam on who they can contact. Now shush and leave it be!

[scotland372]

Quote:

Originally Posted by DashBerlin

Whatever the reason may be, it is STILL a huge security bug that someone can change the password AND e-mailaddress without needing some kind of confirmation.

That's why you verify your account.... so that they can't change it without verification.

Quote:

Originally Posted by scotland372

That's why you verify your account.... so that they can't change it without verification.

These accounts WERE verified. All my friends had their e-mailaddresses verified. Logical conclusion: this hacker found a way around the verification code! Gosh, your deductional skills must be almost zero.

All I'm saying is: Steam developers should seriously have a look into this system, because it's not safe, as we have seen yesterday!

[scotland372]

Quote:

Originally Posted by Tacograndex

And at the same time I bet 80%+ are still up and operating after being reported. Lay off the kid I know you are probably 12 years old and are angry the easter bunny didn't get you an Ipad but just chillax internet troll.

How much are you willing to bet?

If I'm trolling then why do you keep replying to me? People who feed trolls are bigger tools than the troll.

As for the iPad, Apple are scum and can rot in hell.