Steam(y) Credential Load Proves Massive


With more than 35 million active customers, the Steam platform is a true honeypot for cybercriminal flies. A common scenario is that of spam waves sent out into the e-world disguised as genuine Steam e-mails to trick users into installing malware.

Alternatively, Steam login page lookalikes put on their best “honest to God I’m the real thing” face and manage to snatch users’ credentials in no time. While in the first case proof of the crime being committed may require a good chase (unless your e-mail address is on the lucky “to spam” list of the day). In the second case, evidence may come to your virtual doorstep by itself, courtesy of “paste your loot here” services.

If you think you’ve heard this story before, well, you have. Recognizability is a classic’s quality. So is perennity.  So, I’ll keep nagging you about this ‘till scammers’ hell freezes. These days, a list of Steam login information was posted on the internet. Most probably, it’s the result of a phishing process.

Yes, there’s a moral to this story.

Short version: strong passwords, one for each online account, plus anti-phishing protection RULE.

Longer version:

  • Activate your phishing filter, as well as any other security applications or suites before browsing the internet
  • Stay away from using a non-secured system. And if you truly have to use one, make sure you run the Bitdefender advanced scanning on-line free tool, Quick Scan, before going on.
  • If you use a wireless connection, make sure your connection is secured and encrypted and that you know and trust the owner of the access point.

About the author

Sabina DATCU

Sabina Datcu, PhD has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.
Since 2001, she was involved in University of Bucharest's FP 5 and FP6 European projects, as researcher in Information and Knowledge Management field.

In 2009, she joined the E-Threat Analysis and Communication Team at BitDefender as technology writer and researcher, and started to write a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases.