this post was submitted on 14 Jan 2025

151 points (96.3% liked)

Privacy

33189 readers

769 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

151

I don't know what to do with this information (lemmy.world)

submitted 2 weeks ago by [email protected] to c/[email protected]

63 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

https://www.troyhunt.com/experimenting-with-stealer-logs-in-have-i-been-pwned/

[–] [email protected] 0 points 1 week ago (1 children)

That would mean you have a virus on your PC not that Steam DB has been breached, right?

[–] [email protected] 0 points 1 week ago (2 children)

If there is a virus on someone's pc, the antimalware software would notice it, not have i been pwned. Idk who bought this bs up. Steamdb WAS breached. Not my pc was compromised, but Steam

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago) (1 children)

I have not read the whole article because I'm to lazy but here is a picture from the article you posted. Antimalware is not perfect and cannot detect every threat on your PC. There have been cases of game developer accounts being hacked and then updates being pushed through those hacked accounts including stealer malware / spyware which would then be installed on your PC, which is not a Steam Database breach but a Steam Developer Account Hack. Maybe Steam should have stopped those updates IDK I'm no malware expert. EDIT: Btw. the last Steam Database breach I could find in my 2 mins of searching the web was in 2015.

[–] [email protected] 0 points 1 week ago

That didn't happen in my case, since i do not update my games, as they are mostly downloaded from fitgirl repacks

[–] RvTV95XBeo 0 points 1 week ago (2 children)

I think you missed the entire premise of the article you linked - the "stealer logs" mean someone logged into your account on a system that had been breached (infected with malware), and the "stealer" "logged" those credentials.

Also, SteamDB and Steam are two very different things. SteamDB is an independent third party offering that just tracks Steam data via their API.

[–] [email protected] 0 points 1 week ago (1 children)

Steam notifies about every login attempt and 2FA is also set. No way they could do that without me noticing. Haveibeenpwned only reports central database leaks, not user-side leaks

[–] RvTV95XBeo 0 points 1 week ago (1 children)

Nasty stuff, stealer logs. I've written about them and loaded them into Have I Been Pwned (HIBP) before but just as a recap, we're talking about the logs created by malware running on infected machines. You know that game cheat you downloaded? Or that crack for the pirated software product? Or the video of your colleague doing something that sounded crazy but you thought you'd better download and run that executable program showing it just to be sure? That's just a few different ways you end up with malware on your machine that then watches what you're doing and logs it, just like this:

These logs all came from the same person and each time the poor bloke visited a website and logged in, the malware snared the URL, his email address and his password. It's akin to a criminal looking over his shoulder and writing down the credentials for every service he's using, except rather than it being one shoulder-surfing bad guy, it's somewhat larger than that.

Seriously, read the article you posted. YOU probably attempted to log in and the virus on YOUR computer you seem to be in HEAVY denial about captured your info. You're lucky the 2FA probably prevented the people who are are logging activity from your PC from accessing your Steam account.

The article you posted clearly defines stealer logs, and the email you screenshot clearly says your info is in a stealer log breach - I don't know what more to say. You clearly have all the information you need, you just don't want to process it.

YOU LOGGED INTO STEAM ON AN INFECTED COMPUTER AND ARE PROBABLY STILL USING THAT SYSTEM. YOUR COMPUTER HAS A VIRUS.

[–] [email protected] 1 points 1 day ago (1 children)

that's not something haveibeenpwned would ever know about

[–] RvTV95XBeo 0 points 1 day ago (1 children)

Man, the denial runs deep.

HIBP works by finding big databases of stolen information on the dark web. Usually these databases are attributed to websites that have been breached.

In the case of "stealer logs" though, the databases are full of logins to a bunch of different websites, instead indicating it comes from hacked computers.

They, and I, can't truly say for certain that your computer was hacked, so instead they have to make vague statements like "someone attempted to log into your account on a compromised computer". That information went to the hackers who developed the virus, and they posted it online. They don't know your computer is infected, just that your information ended up in a pile with a bunch of other people's whose computers were infected.

The person logging in could be you, could be anyone, they may not have even gotten in, but the #1 most likely scenario is you logged into your account on your computer while a virus was running in the background capturing information.

Your computer being the one with the virus is made 1000x more likely because you mention in previous posts that you use pirated software.

If you pirate software, and you get a HIBP stealer log notice, I'd wager there's a 99.7% chance someone snuck a keylogger into one of the programs you downloaded.

[–] [email protected] 1 points 1 day ago (1 children)

i only download from dodi's and fitgirl repacks official site. I barely log into steam once in 2 months.

[–] RvTV95XBeo 0 points 1 day ago

Cool story bro. There was (and likely still is, because you clearly haven't found it) a keylogger on your system when you logged into Steam at some point.

You can continue in denial if you want, it literally makes no difference to me - I'm not the one getting HIBP Stealer Log emails. Just trying to warn you, I wouldn't log into anything you care about getting hacked until you find out what caused the breach.