Can your computer/Steam account get hacked by redeeming a Steam wallet code sent to you by another user?

steam

Solution 1:

It is possible. One of the methods of account recovery is providing to the Steam support team a game key code or wallet funds code that has previously been redeemed on the account (as per here).

If you redeem the code then the scammer can provide that code to Steam support, as well as proof of purchase, and gain access to your account.

Solution 2:

Possible attack scenario:

  1. Evil person creates a game with a very well-hidden malware. Steam's quality control is very lenient, but not non-existent. So it at least needs to look like a game. The malware needs to be a custom made one so it does not get detected by any known virus scanner (Valve does check every submission using virus scanners). So there is considerable development effort involved.
  2. Evil person pays the $100 listing fee to Steam, using a bank account which can not be traced back to them.
  3. Evil person uses personal information acquired by identity theft to complete the Steam paperwork, so the game gets listed.
  4. Evil person sends you a free Steam key for their "game", hoping you install and run it.

In order to pull this off, Evil Person would need to pay $100, wait several weeks for the Steam Direct process to complete and commit identity theft to avoid getting caught. And it does not scale, because when they send keys to too many users and one of them finds out it's malware and reports it, the game gets depublished and they need to start from the beginning. So it would only be worth it if you are a high-value target and they are sure they can convince you to actually run the game.

Solution 3:

If the Steam Wallet Code you received is of the correct format (which, IIRC, Steam prints in the redeem-wallet-code-dialog) and if you enter it manually into Steam then using that code is safe no matter where it comes from. Steam may or may not accept it, but there's no risk of being hacked that way.

You should, however, not copy-and-paste that code into Steam, since a manipulated code could in theory contain a character sequence that is invisible to you but that exploits a weakness in Steam to hack the application (and by extension possibly your Steam account as well). This "attack vector" is not very likely, but it is theoretically possible.

Related

In Civ5, is there any point to immediately annexing a city?
Boss Ordering in Mega Man
How can I earn kills with Hanzo's Scatter Arrow?
Does Shuckle really produce Rare Candies?
Can I play games made for Windows on a Mac?
How much data will a 12550824 x 12550824 world take up in Minecraft? [duplicate]
Hearthstone opening strategies: why waste mana?
What's the point of using a pistol?
How to extract a floating number from a string [duplicate]
Variable name as a string in Javascript
How can I trigger a JavaScript event click
Only variables should be passed by reference