Posted July 19, 2020
paranoia? maybe if you don't understand how things work and how it can be made to steal your data without you even noticing. But if you understand the process you'll call it a possibility. You must be one of these people who never updated their software to apply security fixes because you don't want to be paranoid about it, right? :)
Sigwolf: Has there been any proven evidence of anyone losing access to any gaming account as a result of galaxy 2 access? If this were actually a thing, do you think that maybe someone would be making it a big deal? I understand and appreciate caution, but paranoia can only get you so far...
it takes 2-3 times to enter your login with 2FA code and your steam account will be transferred to another owner. I bet you have seen multiple forum threads on steam about stolen account after using fake logins on 3d party sites. this is the same method any attacker can use in galaxy 2.0 plugins. thanks to its bad stability and constant disconnects one can easily overlook when galaxy asks you to login into your steam account and then shows login prompt again (like, it didn't worked last time), user enters it again with new 2FA code. what happens next? once data gathered and passed outside, bot already used your 2FA code to steal your account, plugin will crash galaxy to clear files. "Oh, this thing crashed, it is still beta". will you notice anything strange in that?
Post edited July 19, 2020 by djoxyk