hmm, I do have hope they mean with that the SteamGuard protected account in question. And it DOES send a mail.... after, to notify you of the change and a link to steam support, see below:
================================ Dear <snip>, This email message confirms that your Steam account contact email address has been successfully changed. We are sending this notice to ensure the privacy and security of your Steam account. If you authorized this change, no further action is necessary. If you did not authorize this change, or if you need additional help with your account, please follow this link to the Steam Support site and submit a request for assistance: http://support.steampowered. com/cgi-bin/steampowered.cfg/ php/enduser/std_adp.php?p_ faqid=197 Thanks for reviewing this information and helping us to maintain the privacy and security of your account. The Steam Support Team http://www.steampowered.com ===================================== I'd be against any "easy" like this. Maybe implement a "panic" button, where the old login info can be used for x time (3 days or some) after it got changed, and then the account can be locked with this by the real owner, only undoable by a support ticket. >________________________________ > From: Ryan Stecker <voidedwea...@gmail.com> >To: Mart-Jan Reeuwijk <mreeu...@yahoo.com>; Half-Life dedicated Linux server >mailing list <hlds_linux@list.valvesoftware.com> >Sent: Sunday, 22 January 2012, 17:53 >Subject: Re: [hlds_linux] Another high profile trader/admin hijacked. > > >There was a recent feature addition to steam that allows email changes without >confirmation for trusted computers. > >http://store.steampowered.com/news/7114/ > >I believe "trusted computer" in that sense means any account with SG enabled >and authenticated. That would make it a quite frightening change, and I >believe email confirmation should always be required. > >It may be possible he fell victim to this. > > > >On Sun, Jan 22, 2012 at 10:17 AM, Mart-Jan Reeuwijk <mreeu...@yahoo.com> wrote: > >I can confirm that he is: >> >>- Author on EventScripts >>- Admin on SteamRep.com >>- Reddit Admin "thorax" >> >>- And I did have a "slowchat" with him on a private section of a forum. He >>confirmed to me and others there that the security he listed there was as how >>he runs it. >> >> >> >>Quote from him from that forum's private section: >>I have to go to bed, but you can see my security precautions here: >>http://www.reddit.com/r/tf2trade/comments/orbjk/iama_mattie_fellow_with_the_largest_unusual_tc/ >> >>My password policy was numbers, letters, spaces, upper-case letters, but only >>9 characters on Steam. >> >>My passwords are different everywhere. He somehow disabled SteamGuard, >>probably remotely. >> >>If you recall, I helped datastorm review that hijack avoidance document. You >>pretty much don't get more paranoid than me. I run 3 types of >>malware detection and use Process Explorer multiple times a day to look >>for any unsigned processes running to identify exactly what they are. >> >>Whatever this hijacker's attack is, it's not something common and not >>something that we have good explicit tips for people to avoid. I'll >>continue brainstorming tomorrow >> >>*snip non relevant* >> >>As I may have mentioned, he told multiple people that he targetted me >>specifically because I tried to stop so many of the latest hijacks and >>because I gave people tips to stop hijackings (especially double >>hijackings). I'm sure money had something to do with it, too, but he >>told my wife he did it for the challenge. Well, he won. >> >>[/Quote] >> >> >> >>Shame that his collection with regaining the account will be duped, and >>therefore be worth a lot less. Also a pain that SteamGuard isn't the rigid >>security I'd hoped for >> >> >> >>>________________________________ >>> From: ics <i...@ics-base.net> >> >>>To: Half-Life dedicated Linux server mailing list >>><hlds_linux@list.valvesoftware.com> >>>Sent: Sunday, 22 January 2012, 16:11 >> >>>Subject: Re: [hlds_linux] Another high profile trader/admin hijacked. >>> >> >>>Thats a bit of interesting thing in any case anyway, as if that's really the >>>Mattie and he did have security in order listed on reddit and still was >>>hacked, then does Steam has security issues again (forums anyone)? >>>Steamguard ineffective? Interesting to see if he had the fault or Steam. >>> >>>-ics >>> >>>22.1.2012 16:43, Yuki kirjoitti: >>>> Correct! However, sorry to burst your bubble, but technically this is >>>> Source server administration related. http://mattie.net/cs/ >>>> While it may be on a tangent, there's no need to blacklist a topic like >>>> this from the list! >>>> >>>> On 22/01/2012 14:39, Alex Kowald wrote: >>>>> This mailing list is for source server administration related topics. >>>>> >>>>> On Sun, Jan 22, 2012 at 8:31 AM, Mart-Jan Reeuwijk<mreeu...@yahoo.com> >>>>> wrote: >>>>>> another high profile trader admin hijacked: >>>>>> >>>>>> http://www.reddit.com/r/tf2trade/comments/orbjk/iama_mattie_fellow_with_the_largest_unusual_tc/ >>>>>> >>>>>> steamID: Mattie! (busy - sorry) >>>>>> steamID32: STEAM_0:0:5712733 >>>>>> steamID64: http://steamcommunity.com/profiles/76561197971691194 >>>>>> customURL: >>>>>> steamrepURL: http://www.steamrep.com/index.php?id=76561197971691194 >>>>>> _______________________________________________ >>>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>>> please visit: >>>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >>>>> _______________________________________________ >>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>> please visit: >>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >>>> >>>> >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> please visit: >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >>> >>> >>>_______________________________________________ >>>To unsubscribe, edit your list preferences, or view the list archives, >>>please visit: >>>https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >>> >>> >>> >>_______________________________________________ >>To unsubscribe, edit your list preferences, or view the list archives, please >>visit: >>https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >> > > > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
