Question Regarding Account Security Layers

Any malicious 3rd party application could steal your login credentials (via a keylogger for example) and then act as a proxy to use your internet connection, effectively circumventing any 2FA emails, allowing direct access.
Last edited by duketwo#2000 on Jan 1, 2025, 8:18:35 AM
"
duketwo#2000 wrote:
Any malicious 3rd party application could steal your login credentials (via a keylogger for example) and then act as a proxy to use your internet connection, effectively circumventing any 2FA emails, allowing direct access.


Thank you for sharing this perspective. However, it’s worth noting that there have been multiple reports from players stating they did not use any third-party tools, and some even changed their passwords shortly before being hacked.

Additionally, many of these players have claimed they did not visit any dubious websites, had 2FA enabled on Steam, and only used the official trade site. If the cause were third-party tools or user-side vulnerabilities, this would imply that all affected players made the same mistake—even those who have taken these precautions—which seems unlikely.

It’s also worth mentioning that the new location prompt for the standalone client works as intended during normal use, further raising questions about how these compromises occurred without triggering security measures. GGG has confirmed that their systems are functioning normally, but the consistent reports suggest there’s more to this situation than user-side errors alone.
If you consider the number of reports on Reddit and here in relation to the total number of concurrent players, it’s still a very small percentage.

Looking at the numbers, there are currently around 280k players active on Steam alone. It’s reasonable to assume that a certain percentage of users may unknowingly have some form of unwanted backdoor or malware installed.

It may not be a single mistake that everyone is making; it could also involve multiple hackers using different methods.

The price of divines remains relatively high, which is quite unusual two weeks into the league. This elevated value could further motivate hackers from economically disadvantaged regions, as even a smaller number of divines can translate into a significant amount of money.
Last edited by duketwo#2000 on Jan 1, 2025, 8:54:39 AM
"
duketwo#2000 wrote:
If you consider the number of reports on Reddit and here in relation to the total number of concurrent players, it’s still a very small percentage.

Looking at the numbers, there are currently around 280k players active on Steam alone. It’s reasonable to assume that a certain percentage of users may unknowingly have some form of unwanted backdoor or malware installed.

It may not be a single mistake that everyone is making; it could also involve multiple hackers using different methods.

The price of divines remains relatively high, which is quite unusual two weeks into the league. This elevated value could further motivate hackers from economically disadvantaged regions, as even a smaller number of divines can translate into a significant amount of money.


Thank you for the additional context. While I agree that economic motivation could increase the incentive for hacking, it also raises the stakes for ensuring robust security measures are in place. If hackers are motivated by the high price of divines, they’ll likely target systems or processes that can be exploited at scale rather than relying solely on isolated user-side vulnerabilities.

The suggestion that a certain percentage of players may unknowingly have malware or backdoors installed is worth considering. However, many affected players likely use trusted security tools like Malwarebytes or others in the same category, which don’t appear to detect these alleged threats. If malware or backdoors are the cause, it suggests either these tools are insufficient for detecting such advanced methods or that the issue may not be purely user-side as assumed.

GGG’s assurance that their systems are functioning normally is noted, but without confirmation of a comprehensive review of these systems, it’s hard to rule out server-side factors entirely. Transparency on whether safeguards are being reevaluated in light of these reports would help address both economic and security concerns.
While tools like Malwarebytes are trusted, most antivirus solutions are fingerprint-based, relying on known signatures. This makes it entirely possible to create malware, such as keyloggers, that evade detection for a longer period of time, especially if they use custom techniques.
Hackers typically target low-hanging fruit—users with weak defenses—because it’s easier and more efficient than breaching secure systems. If the issue were server-side, it would likely attract even more hackers now that it’s in the spotlight, leading to a surge in attacks as they rush to exploit the vulnerability while it lasts.
The lack of such an increase suggests user-side vulnerabilities are the more likely explanation.
"
duketwo#2000 wrote:
While tools like Malwarebytes are trusted, most antivirus solutions are fingerprint-based, relying on known signatures. This makes it entirely possible to create malware, such as keyloggers, that evade detection for a longer period of time, especially if they use custom techniques.
Hackers typically target low-hanging fruit—users with weak defenses—because it’s easier and more efficient than breaching secure systems. If the issue were server-side, it would likely attract even more hackers now that it’s in the spotlight, leading to a surge in attacks as they rush to exploit the vulnerability while it lasts.
The lack of such an increase suggests user-side vulnerabilities are the more likely explanation.


Thank you for the detailed explanation. I agree that advanced malware could avoid being detected by tools like Malwarebytes, and hackers often go after “low-hanging fruit” first—accounts that are easier to compromise. However, server-side issues wouldn’t always cause a big spike in attacks right away. Hackers might try to stay unnoticed while still taking advantage of the issue over time.

Also, many of the affected players have said they’ve taken strong precautions—using 2FA, avoiding third-party tools, and keeping their accounts secure. This doesn’t fully match the idea that only “low-hanging fruit” are being targeted. If it was just user-side issues, it’s strange that so many careful players are affected.

GGG has said their systems are working fine, but they haven’t confirmed if they’ve done a full review to check for hidden issues. Clearing this up would help players feel safer and settle some of these questions.
I believe it's a bold assumption that they would still try to stay under the radar after being in the spotlight and investigated by a security team. The likelihood of a problem of that magnitude going unnoticed after it was revealed is close to zero. It would be much smarter to milk it while it lasts.


Also, why aren't they targeting high profile accounts? To stay under the radar? Well, why did they hit a streamer then? It just does not fit. It looks like they can't target specific players, which points in a different direction than server side.
Last edited by duketwo#2000 on Jan 1, 2025, 10:10:53 AM
"
duketwo#2000 wrote:
I believe it's a bold assumption that they would still try to stay under the radar after being in the spotlight and investigated by a security team. The likelihood of a problem of that magnitude going unnoticed after it was revealed is close to zero. It would be much smarter to milk it while it lasts.


Thank you for the response. While it’s true that large-scale server-side issues are often easier to detect and address, it’s also possible for more subtle vulnerabilities to persist if not thoroughly reviewed. Without GGG confirming that such a review has been conducted, it’s hard to fully rule out this possibility.

Hackers don’t always need to act on a large scale to exploit an issue effectively. By selectively targeting accounts, they could remain undetected for longer, especially if the compromise isn’t tied to obvious patterns like massive spikes in activity. This could align with the consistent reports from players who have taken precautions but were still affected.

It’s equally bold to suggest that everyone who has taken precautions—such as using 2FA, avoiding third-party tools, and maintaining strong account security—is somehow making the same mistake. This doesn’t seem to account for the patterns reported by affected players, which suggest something more complex is at play.

The key question remains whether GGG has proactively investigated these reports beyond user-side factors, as transparency on this would provide much-needed clarity for the community.

"
duketwo#2000 wrote:
Also, why aren't they targeting high profile accounts? To stay under the radar? Well, why did they hit a streamer then? It just does not fit. It looks like they can't target specific players, which points in a different direction than server side.


Thank you for bringing up this point. The mention of a streamer being affected is interesting, but it doesn’t necessarily rule out server-side vulnerabilities. Hackers may choose targets based on visibility or perceived value, which could include both high-profile and regular accounts. A mix of targets could be part of a deliberate strategy, rather than a sign that they "can’t target specific players."

If the method being exploited is systemic, the targeting might still appear selective, depending on how the vulnerability is used. As another speculative possibility, coordinated efforts by RMT (Real Money Trading) organizations could be involved. These groups may work together to test vulnerabilities and experiment with different methods to avoid large-scale detection while still benefiting from systemic weaknesses.

Of course, this is just one of several possibilities, as nothing has been proven or confirmed yet. The truth may lie elsewhere entirely. Until more is known, it’s important to remain open to different explanations, given the lack of concrete evidence for any one cause.

Last edited by waitingforunlock#4272 on Jan 1, 2025, 10:35:26 AM
xxddddddddddddddddddddddddddddddddddd

ggg
xddddddddddddddddddddddddddddddddddddddddddd
"
JC_GGG wrote:
This wouldn't be something we would be able to assist you with via the forums. You'd need to make this inquiry via email to our support team at support@grindinggear.com so we can look into it with you privately.
