lol, google "passport scan" and you get over 2 million picture results... are 
YOU kidding me? I'll never scan my passport and put it on the internet for w/e. 
Exactly for this kind of reason. 

Stop proposing bad measures. SteamGuard was a step in the right direction. Now, 
to improve the policies, it shouldn't rely on stuff that was either stolen from 
Valve back at the SPUF hijack, or easily obtainable with average users. I'd love 
2 step login for Steam like Gmail does, I'd love an RSA token or something like that. 

That account had what? 20K worth of items? Bit of better protection than some 
personal info that is quite easy to get with most honest ppl. 

And anyways, I do believe Mattie had previous calls with Steam support, how can 
another Steam support account then be regged to it, without raising flags that 
something is going on? Especially when the account had not moved IP / host computer 
prior and was in active use while the whole call was running (no idea, on 
average it takes 3-5 working days before support looks at things I believe)? 
And then the support ticket is made with prolly a proxy IP connection.... I'd 
say a serious lack of obvious things that can be looked at, with a nice and 
easy query. One look at those combinations and they would have known something was 
wrong. They should have plenty of data on "hijacks" and such, and be able to 
see if a hijack is in effect by scoring the parameters. 


With the amount of hijacks that are seen nowadays, is the number of hijacks 
(in w/e form) after around 9(?) months or so of SG really that much lower?

Oh, and btw, why is the account login name in every mail that Steam sends? 
There is no need for that. That would have prevented that the guy could have 
logged in, for Mattie stated that he didn't have a login name with which he was 
associated. Not sending such info thoughtlessly along would be a nice first step. 
The account creator should full well know what the login name is. If not... I 
would put the nickname that the account currently is using there instead. Or 
maybe the "custom" part of the custom URL, or the ID64 link.

> From: "" <>
>To: Half-Life dedicated Linux server mailing list 
>Sent: Monday, 23 January 2012, 0:51
>Subject: Re: [hlds_linux] Another high profile trader/admin hijacked.
>you kidding me? even blizzard ask for a passport scan copy in case you want to 
>change any info.
>> "*Edit5*: The hacker used personal information about me to convince Steam 
>> Support he was me and get them to give their account to him. So none of the 
>> above technical approaches fell victim, but he did have access to enough 
>> personal information to social engineer his way in. I haven't been as 
>> paranoid careful about my identity as I should have been, so be careful with 
>> yours!"
>> What a twist. This should not be possible.
>> -ics
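The "scoring the parameters" idea from the message above, sketched as an added example that is not part of the original post and not Valve's code. The field names, weights, threshold and sample tickets are all assumptions made up for illustration.

```python
from dataclasses import dataclass

@dataclass
class RecoveryTicket:
    """One account-recovery request. All fields are constructed for this example."""
    ticket_ip: str
    ticket_ip_is_proxy: bool
    new_support_account: bool        # support account created just for this ticket
    owner_has_support_history: bool  # real owner already has a support account
    recent_login_ips: tuple          # IPs the game account logged in from lately
    active_during_ticket: bool       # account in normal use while ticket was open
    inventory_value_usd: float

# Hypothetical weights; a real system would tune them on labelled hijack cases.
WEIGHTS = {
    "proxy_ip": 25,
    "second_support_account": 25,
    "ticket_ip_never_seen": 15,
    "owner_still_active_same_host": 25,
    "high_value_inventory": 10,
}

def signals(t: RecoveryTicket) -> list:
    """Return the names of the risk signals this ticket trips."""
    hits = []
    if t.ticket_ip_is_proxy:
        hits.append("proxy_ip")
    if t.new_support_account and t.owner_has_support_history:
        hits.append("second_support_account")
    if t.ticket_ip not in t.recent_login_ips:
        hits.append("ticket_ip_never_seen")
    # Someone who "lost access" should not also be logged in from the usual host.
    if t.active_during_ticket and len(set(t.recent_login_ips)) == 1:
        hits.append("owner_still_active_same_host")
    if t.inventory_value_usd >= 1000:
        hits.append("high_value_inventory")
    return hits

def score(t: RecoveryTicket) -> int:
    return sum(WEIGHTS[s] for s in signals(t))

def triage(t: RecoveryTicket, hold_at: int = 50) -> str:
    return "hold_for_manual_review" if score(t) >= hold_at else "normal_queue"

# Constructed tickets (documentation-range IPs), not real cases.
HIJACK_LIKE = RecoveryTicket("203.0.113.7", True, True, True, ("198.51.100.20",), True, 20000.0)
ROUTINE = RecoveryTicket("198.51.100.20", False, True, False, ("198.51.100.20",), False, 40.0)
```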