CONCERNING STEAM - Please read!

I figured it was a good idea to post an announcement so people see this. There have been a wave of account hackings going on among members of the MG community lately, so I want to make a couple of announcements.

• Nerfarious and Arg have had their accounts hacked. If they attempt to contact you over Steam, please ignore them until it can be verified that they have their accounts back.
• If somebody attempts to contact you on Steam with a "bit.ly" link, please treat it with the utmost caution. If they really are your friend they won't have anything to hide by using a link shortener.
• The offending link that snagged Nerf and Arg is a site that's pretending to be a steam page. They claim to offer free games, and ask for your Steam name, Steam Password, Email Address, and Email Password to claim them. PLEASE NOTE THAT STEAM WILL NEVER ASK YOU FOR YOUR EMAIL ADDRESS AND PASSWORD.
• Now the bit.ly link directs to this: "http://storesteampowered.rr.nu/LimitedOffer/?". PLEASE DO NOT FOLLOW THIS LINK. If you click a bit.ly link and this appears in your URL box, leave the page immediately!
• Lets dissect this, shall we? People fall for this because they glance at the URL and see "storesteampowered", not noticing that there's no "." between "store" and "steampowered", and ignoring the rr.nu. The .nu domain is used most prominently in Sweden, Denmark, Norway, the Netherlands, and Belgium. Steam is an American company, so they would use .com.
• Also, please note the formatting errors and the excessive number of typos and grammatical errors. This means that the site was constructed by somebody whose first language is not english. All of the evidence above suggests this to be a phishing scam.
• If you have put information into this site on accident, then change your email and steam passwords IMMEDIATELY while you still have access. If the hacker has already locked you out, submit a ticket with Steam support and your email service. Also, do a system scan ASAP. Nerfarious claims to have found a keylogger installed on his system after this.

I don't care if some of this information is obvious. It's better that people who might not know about this find out before they fall prey to this scam. Be vigilant MG.

EDIT: Nerf and Arg both have their accounts back now. Even so, remain on guard.

 

Never this kind of info is too obvious, I assure you that there are ppl thay didn't have any clue of this things. Thanks for the info.

Just in case, I'll make an system scan today on all my computers. I would recommend all ppl do the same.

 

Thanks for the info. i have just changed my password to a better one , i hope i wont forget it

 

If you see your password below, STOP!

Do not finish reading this post and immediately go change your password -- before you forget. You will probably make changes in several places since passwords tend to be reused for multiple accounts.

Here are two lists of the top used passwords:


1. password

2. 123456

3.12345678

4. qwerty

5. abc123

6. monkey

7. 1234567

8. letmein

9. trustno1

10. dragon

11. baseball

12. 111111

13. iloveyou

14. master

15. sunshine

16. ashley

17. bailey

18. passwOrd

19. shadow

20. 123123

21. 654321

22. superman

23. qazwsx

24. michael

25. football

Last year, Imperva looked at 32 million passwords stolen from RockYou, a hacked website, and released its own Top 10 "worst" list:

1. 123456

2. 12345

3. 123456789

4. Password

5. iloveyou

6. princess

7. rockyou

8. 1234567

9. 12345678

10. abc123

If you've gotten this far and don't see any of your passwords, that's good news. But, note that complex passwords combining letters and numbers, such as passw0rd (with the "o" replaced by a zero) are starting to get onto the 2011 list. abc123 is a mixed password that showed up on both lists.

Last year, Imperva provided a list of password best practices, created by NASA to help its users protect their rocket science, they include:

It should contain at least eight characters

It should contain a mix of four different types of characters - upper case letters, lower case letters, numbers, and special characters such as !@#$%^&*,;" If there is only one letter or special character, it should not be either the first or last character in the password.

It should not be a name, a slang word, or any word in the dictionary. It should not include any part of your name or your e-mail address.

Following that advice, of course, means you'll create a password that will be impossible, unless you try a trick credited to security guru Bruce Schneir: Turn a sentence into a password.

For example, "Now I lay me down to sleep" might become nilmDOWN2s, a 10-character password that won't be found in any dictionary.

Can't remember that password? Schneir says it's OK to write it down and put it in your wallet, or better yet keep a hint in your wallet. Just don't also include a list of the sites and services that password works with. Try to use a different password on every service, but if you can't do that, at least develop a set of passwords that you use at different sites.

Someday, we will use authentication schemes, perhaps biometrics, that don't require so much jumping through hoops to protect our data. But, in the meantime, passwords are all most of us have, so they ought to be strong enough to do the job.

 

Let's have a minute silence for the people who have tragically lost their steam account

 

lol kitties my account didn't got hacked ? i just don't have the time anymore to go on steam everyday.. so just wanna let you all know, i still have my account and its in safe hands and its VERY secured!

 

Oops! Sorry, someone had said something about that so I thought you had been hacked! My bad, I'll change that.

 

I see mahhhh password do i win the lotto now? =p jk. I have a less common pw

 

trustno1 is Fox Mulder's password!

 

always use symbols andn umbers in your password. best way to protect it that way. as its harder for MD5 encrypters to decrypt it.

Also if someone have got hacked its mostly their own fault for being stupid.

If you ever get asked by an password through e-mail or having a website say " Login with your steam account here" it mostly a scammer site trying to get your password en information.

Also use different passwords on different website's etc. dont use your password more then twice on different games/website etc

 

Here's a tip.

If you get sent a bit.ly link or tinyurl

http://www.tinyurl.com/this

Do http://preview.tinyurl.com/this to see what it directs to

http://bit.ly/this

Do http://bit.ly/this+

and for http://goo.gl/this

Change it to http://goo.gl/this+

They all show what site it directs to - useful tip if you didn't know already.

 

STOP *flash* MAKING *flash* STUPID *flash* POSTS

On-topic:

How can anyone fall for this is beyond me.

 

thats what i said

 

Oh? That website again? Someone had sent me a link to it (about 3 months ago). Edit: Looks like that site is demolished by Steam now

Next time, if you end up in a situation like that, do me a favor and do what I do. It's a simple three step process.

1. In the Log-in box, enter FuckYouBitchSuckMyDickYouFail! Note that the username is exactly the maximum allotted 30 characters. If you want to, be creative and make up your own username.

2. In the password box, enter a sentence. Here is what I entered.
If you thought you could get my password that easily, you are a shithead. Who the hell would walk around stealing steam accounts anyway? They're worth nothing. Plus, you are probably sucking dick in jail right now. If not, you will soon. Look forward to it, criminal, because I reported you.

3. Now, press the log in button. The next time that bastard checks his sign-in log, he will see the above username and the personal message you left for him. Let's scare him a bit if we see him again

 

Full of win right thrre folks.

 

I read a good tip on passwords a while back.
First choose a secure one with capitals numbers and symbols obviously.
It is even better to have a few passwords for different levels of protection. Forum might be lowest, your bank highest.

Then for every website add on the first letter or two to the end of the password(or beginning)

this site would be
usernamemg

ebay would be
usernameeb

just to twist it that much more, but easy for you to figure out.

 

Wow, this is all really good information! I have just changed my password to MGis#1. No one will ever figure that one out! Thanks for the advice everyone. :doh:

 

never use your username in a password

 

I'm using swear words as my steam password