Steam Inventory Helper May Be Compromised??

[Loaferman]

ATTENTION: There is a possible breach of the Steam Inventory Helper Plugin on chromium based browsers. If you use it, for your safety, please GET RID OF IT, for the time being. Thank you.

 

I got this info from Chewy, his friend apparently lost 500+ keys because of this plugin(not 100% positive), but I will update this on anymore info that I get. Stay safe traders :3!

[Loaferman]

It looks like it's steam inv helper, looking at neg reviews rn with chewy and a ton of ppl have been scammed from this extension. 

[Zeus_Junior]

Could you provide links to the sources you're referencing

[Beaser]

This is old news but people should defintely be aware of add ons that take control of your account or leak passwords.

Another thread from  reddit last year 

I use steam trade offer enhancer which is similar, make sure its the one made by juliarose https://github.com/juliarose/steam-trade-offer-enhancer

[Loaferman]

Thank you for posting this, I only just heard about all this crap this not even 10 minutes ago x.x

[Loaferman]

I use the julia script as my main one, search "julia script" in bp forums and itll be the first post on how to set it up. 

[NobodyNose]

Best not to fear monger without proof. I don’t logically understand how an extension could somehow make your items disappear. I can believe accounts getting hijacked through this “hack” but your items cannot disappear like that. Even if they set up an API code, your items are safe as long you stay vigilant, double check any trade offers, get rid of the api code, and deauthorize all other devices.

[Mickey Mouse]

So your source is that someone says it happened to them and "trust me bro"? That's it?

 

I don't use Steam-inventory-like browser extensions as a matter of general policy, but please have some actual evidence first!

[Mickey Mouse]

Just now, NobodyNose said:

Best not to fear monger without proof. I don’t logically understand how an extension could somehow make your items disappear. I can believe accounts getting hijacked through this “hack” but your items cannot disappear like that. Even if they set up an API code, your items are safe as long you stay vigilant, double check any trade offers, get rid of the api code, and deauthorize all other devices.

Browser extensions can do more than set up an API code-- for example, they could block requests. However, I would want to see some actual evidence of SIH causing someone to be scammed first. So far all that's happened is someone says that someone else was scammed and they say that that someone else says SIH caused it. That's it. No tangible evidence has been provided whatsoever

[Loaferman]

im trying to get proof from the person who got scammed right now, he was locked out of his account but he just got back into it. 

[Loaferman]

having chewy and the guy who got scammed join the bp.tf discord to talk about it in trade discussions incase anyone wants more info, go there

[Littlepudintater]

Been using it for like the past 9 years no problem, just seems like paranoia blaming once again, actually the ads are annoying as fuck that's my only complaint tho

[Loaferman]

Its been considered that the source of the scam and account hijack isn't inherently due to JUST SIH, it is still entirely possible although. Stay safe out there and use caution when logging into steam on sites.

[Loaferman]

Do you think this guy that got scammed could have just been api phished from a fake steam website or something?

 

[Loaferman]

Cause i've been thinking about it and it could totally be a possibility 

[Zeus_Junior]

Yes, that's possible. Was that not suggested several times on the discord?

[Loaferman]

Makes me think if i even should keep those announcements up or not tbh

[Loaferman]

Thoughts?

[Loaferman]

6 minutes ago, Zeus_Junior said:

Yes, that's possible. Was that not suggested several times on the discord?

Honestly all the joking and poking fun at the guy who got scammed def distracted me, felt really bad for that guy since he was in there reading everything. Thinking a lil clearer now but I may have been slightly mislead about the details on this whole situation 

[chewyjava]

IMPORTANT: SIH is not directly involved that we know of at this time, possible ads/fake steam cites/API breaches are still being considered. WHAT WE DO KNOW is that due to this breach of the users account, they have found the origin, as well as the intention of the scam. This user logged into their account at the perfect time and received a DM from a friend asking why they were selling their items so cheap, to which they IMMEDIATELY logged out all other devices, stopping the scammers in their tracks. All items were being sold from their inventory for under a dollar to bypass the confirmation system to various buy orders put up by people completely uninvolved and unknowing. After this, the steam funds were then used to purchase extremely overpriced items in DOTA, at 55$ each when all listings are about 3 cents on average. Assuming that this person who all of the 8 items were bought from is involved, they now have over 440$~ in their steam account, ready for use at any time. It does not directly involve TF2, and it can be assumed that the goal of the scam was for access to the funds involved and was most likely disclosed in a breach of this user's info. Everything is being discussed with steam staff and support.

[RussellSproutz]

This is a very interesting case ngl

[ThatCowHugger]

Infodump time.

Context: convo between myself and victim.

accounts linked are the ones he linked to me. 

https://steamcommunity.com/profiles/76561199271829171

https://steamcommunity.com/profiles/76561198842002563

https://steamcommunity.com/profiles/76561198841963922

[ThatCowHugger]

[ThatCowHugger]

2 missing screenshots from earlier, my apologies.

[Littlepudintater]

so much text for so little information  this isn't a unique situation this has happened before.