1. Law

    OP Law rip ninjacat that zarcon made me
    Member

    Joined:
    Aug 14, 2007
    Messages:
    4,132
    Country:
    It starts with a user having 10 rubles randomly appear in their Steam Wallet, it ends in having his account frozen for 9 weeks due to the actions of a Russian troll.

    [​IMG]

    [​IMG]

    10 rubles is roughly 30 cents, there is very little chance this was an accident. It seems like a very deliberate move which exploits the lack of validation the Russian pay kiosks use. Avoid ARMA, avoid Dota2, avoid any other game that may be popular in Russia. It is very easy for them to lock down your account, and Steam support take so long to set things straight.

    This probably isn't formatted correctly for your USN guidelines, but do you know who I am? Yeah.

    [​IMG]


    The fact that this makes it incredibly easy for anybody in a country that uses those pay kiosks to lock down another users account is VERY important. This shouldn't be a thing that happens. I'm hoping that if this spreads perhaps Steam will finally step up their customer support, remove the kiosks as a payment method until they implement a method of account validation, and put systems in place to never allow this to happen.

    Thanks for reading.​
     
    Deleted_171835 likes this.
  2. nukeboy95

    nukeboy95 Old skool member
    Member

    Joined:
    Aug 24, 2010
    Messages:
    2,275
    Country:
    United States
    source?
     
  3. Law

    OP Law rip ninjacat that zarcon made me
    Member

    Joined:
    Aug 14, 2007
    Messages:
    4,132
    Country:
    The source is a private forum.

    This is literally breaking news, this conversation is still going on. I've tweeted a few news sites, but none of them will bother with it when "XBOX ONE OR PS4? YOU DECIDE!" is going on.
     
  4. AlanJohn

    AlanJohn くたばれ
    Moderator

    Joined:
    Jan 6, 2011
    Messages:
    3,642
    Country:
    Ukraine
    Fucking russians. Hopefully this will never happen to me, but I already have a lot of enemies in Russia...
     
    EZ-Megaman and DinohScene like this.
  5. TehSkull

    TehSkull Living the life
    Member

    Joined:
    Nov 29, 2009
    Messages:
    2,700
    Country:
    United States
    Jesus. 9 weeks is a LONG time when the Steam Sale is right around the corner.

    I'd probably just make a new account and buy all the games I want as "gifts" for my primary account, but still, that's harsh.
     
    Celice and nukeboy95 like this.
  6. chartube12

    chartube12 Captain Chaz 86
    Member

    Joined:
    Mar 3, 2010
    Messages:
    3,913
    Country:
    United States
    Can you even receive gifts on steam while you are banned from their store?
     
  7. nukeboy95

    nukeboy95 Old skool member
    Member

    Joined:
    Aug 24, 2010
    Messages:
    2,275
    Country:
    United States
    Poor guy, now he won't go bankrupt during the summer sale.
     
    luigiman1928 likes this.
  8. Gahars

    Gahars Bakayaro Banzai
    Member

    Joined:
    Aug 5, 2011
    Messages:
    10,254
    Country:
    United States
    With just a few rubles, Steam accounts are reduced to rubble. Hmph.

    You win this round, Russia.
     
  9. Law

    OP Law rip ninjacat that zarcon made me
    Member

    Joined:
    Aug 14, 2007
    Messages:
    4,132
    Country:
    After speaking to a few people, the kiosks require the username you log into steam with. As long as you keep those private, don't get phished, or disclose them (I'm unsure if they still show up in server logs next to SteamID numbers like they used to) you should be fine. Unconfirmed as to whether you can transfer the money straight to a SteamID, but it still feels like a method Valve should not be using when those same kiosks allow them to add funds to a webmoney account, which they then need to properly log into steam to put in their wallet. The kiosks also require an account which has fraud protection, which made the chargeback easy.
     
  10. Gabelvampir

    Gabelvampir Free Mars!
    Member

    Joined:
    Mar 17, 2009
    Messages:
    455
    Country:
    Germany
    Keep the Steam account name private? A bit hard seeing many games use it as default multiplayer name. I haven't played much DotA 2, but as far as I've ssen you can't even change your screenname there, it is the Steam account name.
    So the only (temporary) solution would be to make a account just for DotA 2 in that case. But then you'll lose you online stats.
     
  11. Deleted User

    Deleted User Newbie

    you can change your screen name (I changed mine) xD
     
  12. Gabelvampir

    Gabelvampir Free Mars!
    Member

    Joined:
    Mar 17, 2009
    Messages:
    455
    Country:
    Germany
    Ah ok, I did not look that much for that option. So far I only played DotA 2 only at the last LAN party with some friends.
     
  13. MasterPenguin

    MasterPenguin GBAtemp Fan
    Member

    Joined:
    Jul 16, 2008
    Messages:
    424
    Country:
    Canada
    This isn't breaking news at all. People have been gifting people games (ie bad rats) and then canceling the payment, which freezes the account of whoever had it. This "exploit" is years old.
     
  14. Law

    OP Law rip ninjacat that zarcon made me
    Member

    Joined:
    Aug 14, 2007
    Messages:
    4,132
    Country:
    ^^^^^^^ This is regarding russian pay kiosks, whilst gifting games and doing a chargeback does work to lock accounts, it is a separate issue that Steam needs to address. This is regarding adding funds to an account with no level of validation. There is no obvious guilty party, unlike the gifting scenario where Valve can punish the originating account.

    The actual username that you log into Steam. That doesn't change, no matter what you set your display name to.

    Somebody dug up another example of this happening in August 2012. Here's some poorly translated Russian.

    Source is a Russian Counter Strike forum csmania.ru.

    Steam knows about the issue, has known about the issue for almost a year, and done nothing to try and fix a system that allows you to add funds to an account without any method of validation or any checks to ensure account ownership.
     
  15. PsyBlade

    PsyBlade Snake Charmer
    Member

    Joined:
    Jul 30, 2009
    Messages:
    2,204
    Country:
    Gambia, The
    That's why there is the advice to reject gifts from random strangers.
    This new funds method can't be rejected.
     
  16. Minox

    Minox Thanks for the fish
    Former Staff

    Joined:
    Aug 27, 2007
    Messages:
    6,717
    Country:
    Japan
    Steam usernames do not show up in server logs and has not done so for the past 2-3 years or so at least. However, thanks to whoever designed the default Steam skin your Steam account name is openly viewable in the main window so it's probably for the best to be cautious regarding screenshots/videos of your Steam client being open unless you happen to use a custom skin which removes said stupid feature.
     
  17. Law

    OP Law rip ninjacat that zarcon made me
    Member

    Joined:
    Aug 14, 2007
    Messages:
    4,132
    Country:
    Yeah, there's also the issue of "What's your steam?" forum threads where people may post their log in usernames instead of their display names. If some Russians just wanted to be jerks they could easily shut down a few thousand Steam accounts with some dedication and the same 10 rubles over and over.

    Somebody posted on Reddit, and it contains a bit more information as well as clarification from the person it happened to, and a few people chiming in and saying they have had similar issues happen to them or friends. http://www.reddit.com/r/Games/comments/1hf1qz/warning_russian_users_can_use_an_exploit_to_shut/

    It also has people blindy saying "Well the default form letter says he spent the money so he's obviously trying to scam steam!"

    Valve really needs to update their default form letters and not use the ones regarding chargebacks made on game purchases.


    Despite the fact they need your username to act maliciously against you, this can also be done by accident which will still cause your account to get locked down.
     
  18. nukeboy95

    nukeboy95 Old skool member
    Member

    Joined:
    Aug 24, 2010
    Messages:
    2,275
    Country:
    United States
    source multiplayer games are treble when it comes to that
     
  19. Jamstruth

    Jamstruth Secondary Feline Anthropomorph
    Member

    Joined:
    Apr 23, 2009
    Messages:
    3,462
    Country:
    So they just need the public half of our account details! PERFECT! I suppose the Pay Kiosks thought that nothing malicious could be done with it considering the most it can do is add to another person's account (a rather handy feature when you think about it)
     
  20. Law

    OP Law rip ninjacat that zarcon made me
    Member

    Joined:
    Aug 14, 2007
    Messages:
    4,132
    Country:
    The username you log into Steam with should be private, your profile/display name is public. The kiosks should be updated to require password validation though.

    It would be easy to find a list of usernames, and in some cases it could be easy to guess a username. My steam username isn't "law", but it's damn close to it.

    A steam representative replied to the twitter saying it was a support snafu, and that they were updating their tools to prevent it from happening in the future. He didn't comment regarding the automatic charge backs from the kiosks locking the account so they're being hush hush about that.
     
Draft saved Draft deleted
Loading...

Hide similar threads Similar threads with keywords - regarding, exploit, Russian