• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

My steam got compromised today


Super Dainty Moderator
Staff member
Aug 16, 2005
24,532 (3.77/day)
System Name Venslar
Processor I9 13900ks
Motherboard EVGA z690 Dark KINGPIN
Cooling EK-AIO Elite 360 D-RGB
Memory 64GB Gskill Trident Z5 DDR5 6000 @6400
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 500GB 980 Pro | 1x 1TB 980 Pro | 1x 8TB Corsair MP400
Display(s) 3x Gigabyte M28U (4k IPS)
Case Lian Li o11 Evo Dynamic White
Audio Device(s) Moondrop Kato's on Schiit Hel 2e
Power Supply Bequiet! Power Pro 12 1500w
Mouse Lamzu Atlantis (White)
Keyboard DROP CTRL HP Lavender, Moondrop Tessence, StupidFish foam, Everglide pads
Software Windows 11 x64 Pro
Benchmark Scores I dont have time for that.
Tonight I received some messages from fellow members and friends from other walks of life about my steam account.

Apparently I had been sending messages asking them to click on a link and vote for an e-sports team.

At first, I was initially confused about this. I utilize steam guard and 2FA and have for years. However, several people had reached out, and with screen shots. So this was not something that was a case of mistaken identity.

Lets dig in.

First thanks, if you are one of the TPUers that reached out. You were all some of the first and there are a few of you.

Lets take a look at account security first.

Steam uses a few layers for a few different things. In the case of account security, we have steam guard.


Steamguard, is a 2FA based system that sends a code when a machine it is not familiar with requests account access. It is important to understand how systems like this work.


A PC is given a UniqueID like an authentication token. This is issued after a successful login with the addition of a 2FA key. Once the token is generated that login instance is "trusted" and the login is perpetual until:

The token is invalidated
The session is manually logged out (the token is force expired)
The token naturally expires

The token is likely generated based off of multiple truths. Such as a machine or system Id, an installation Id, geography etc. When one of these changes enough the token is invalidated and account re-authentication is required.

Steamguard however, as an additional barrier of entry you can put in place. After all. Emails can be hacked. So, steamguard allows you to utilize the steam app as the primary 2FA key generator if you have it installed on your phone. Thankfully, thats exactly what I do.

So lets take a peek at how I think I got got today.

We sit back and realize, that all of the communication I am getting is outside of official steam channels. This is important, so lets take a look at steam.

I have two primary modes of login with steam. My desktop, and my phone. Since I was on and have access to both, it was odd to me that I did not notice any odd behavior.

A quick screenshot shows me that it is infact me.


Odd, I received no 2FA request, or email about account access. Its also odd that I received no response from these people on my desktop or my phone, when they responded back.

Lets take a look.


This makes more sense, its clever. After outreach, it appears the accounts are then blocked. This prevents me from receiving the notifications on my desktop or phone.

Steam does not allow users to investigate connected accounts or devices on their accounts, however while I do not have a screenshot of this I did notice machines I did not recognize in my family shared library. All were promptly removed.

Steam however, DOES allow us to deauthorize all devices connected. We will do this before the password change.


After the de authorization everything was booted. At this point we reset the password. Of course we will make sure that all of the information such as email is correct first.

Understandably it is. This is important to know.

After the reset, and reconnect to 2FA I log back in and do the responsible thing and message everyone that appeared affected. Save for the people I was already in contact with on the outside.
By blocking the users, it gives me a list to work with in reverse, this is actually nice of them, because steam does not have a recent chat history in regards to "recently sent messages". So if the users were not blocked I would not have known who was affected.

Of course, if they did not do this, then I would have received the messages and this would have been over sooner.

So what about purchase history and account info?


Nothing. None of my account settings are modified either. This brings us back to what I mentioned about 2FA alerts. If you wanted to make a purchase, I would get emailed. You wouldn't want that so you would need to change the email, you would also need to do this if you didn't want me to gain access to my account. However 2FA prevents this because you must always authenticate to change this information.

This leads me to the point of compromise, multiple services on the net utilize steam as a tie in service. Even popular browser extensions. While things like browser extensions are obviously something I avoid, this breach given the information we know, points to a breach of an extension service. This is further backed up by the fact that it would need to have a current persistent connection or risk tripping 2FA. I am guilty, of having things linked to steam, Uplay for one, origin as well I believe etc etc. Others may have other things, such as Discord.

What is the point of the link though? Lets take a look at what it was that I was trying to spread.

Our link is hxxps://intelextremeseason[.]com/?r=Team-TryHard

The site has a fancy video of some e-sports tournament playing, and some official intel stuff.

Lets take a further look.

Our cert is valid and pretty new. About two days old. Provided by a reputable company.


The "Got it" link takes us to a redirect however that is not the origin site.


When we click on this, we are brought to hxxps://authextremeseasons[.]com

It is here, that we see why the message is being sent. In this case it is a credential farm attempt.


We are given a fake steam login page complete with a fake SSL picture.


The URL is actually inserted manually


Lets take a look at our domains.

It appears both were registered yesterday at namecheap


intelextremeseason.com is already registered*

Registry Domain ID: 2579601826_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2020-12-18T22:56:10Z
Creation Date: 2020-12-18T22:50:44Z
Registry Expiry Date: 2021-12-18T22:50:44Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2020-12-20T02:51:33Z <<<

authextremeseasons.com is already registered*

Registry Domain ID: 2579416616_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2020-12-18T11:29:03Z
Creation Date: 2020-12-18T11:25:58Z
Registry Expiry Date: 2021-12-18T11:25:58Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2020-12-20T03:33:00Z <<<

A bit of realistic is sprinkled in however.

The intel.gg link on the primary site and some of the steam links forward to their actual REAL addresses. They also belong to the REAL companies.

Both sites are behind cloudflare and whois protection.

My job isn't over yet, I'm now going to go unlink my steam account from a bunch of stuff, and rotate credentials on whatever its connected too. In my case THAT is where the root breach took place.

For the rest of you, if you get something like this from anyone practice good hygeine and dont click. Stay safe out their.



  • 1608439054901.png
    1.7 MB · Views: 230


Not a Potato
Jan 2, 2009
1,616 (0.31/day)
Pittsburgh, PA
System Name Custom AMD Rig
Processor AMD Ryzen™ 7 5800X
Motherboard MSI MEG B550 Unify
Cooling EVGA CLC 280mm AIO Liquid Cooler
Memory Corsair Vengeance RGB Pro DDR4-4000 32 GB (8GB x 4) C18 (currently 3733 MHz, C16)
Video Card(s) PowerColor AMD Radeon RX 7900 XT 20 GB GDDR6
Storage 2TB Samsung 970 Evo Plus NVMe, 2x 2TB Inland Premium NVMe, 1TB Samsung 970 Plus NVMe
Display(s) Alienware QD-OLED 34" 165 Hz (AW3423DWF) & LG C2 42" 4K 120 Hz (OLED42C2PUA)
Case Corsair iCue 5000X (White)
Audio Device(s) Kanto Audio YU2 and SUB8 Desktop Speakers and Subwoofer, Blue Yeti Microphone
Power Supply Corsair RM850x White (2021)
Mouse Logitech Pro Superlight (White), G303 Shroud Edition,
Keyboard Corsair K70 RGB TKL Champion Series
VR HMD Occulus Quest 2 128GB
Software Windows 11 Pro 64-bit 22H2 Build 22621.1413
It's good your account wasn't fully compromised man. Just deauthorize anything that is currently linked, change your password and maybe refresh your 2FA token on your mobile if needed.
Mar 26, 2010
9,708 (2.01/day)
Jakarta, Indonesia
System Name micropage7
Processor Intel Xeon X3470
Motherboard Gigabyte Technology Co. Ltd. P55A-UD3R (Socket 1156)
Cooling Enermax ETS-T40F
Memory Samsung 8.00GB Dual-Channel DDR3
Video Card(s) NVIDIA Quadro FX 1800
Storage V-GEN03AS18EU120GB, Seagate 2 x 1TB and Seagate 4TB
Display(s) Samsung 21 inch LCD Wide Screen
Case Icute Super 18
Audio Device(s) Auzentech X-Fi Forte
Power Supply Silverstone 600 Watt
Mouse Logitech G502
Keyboard Sades Excalibur + Taihao keycaps
Software Win 7 64-bit
Benchmark Scores Classified
sometimes just curious if you only run that from your pc or your laptop and both are clean from anything that suspicious from where they can sniff the account
Sep 10, 2016
788 (0.32/day)
Riverwood, Skyrim
System Name Storm Wrought | Blackwood (HTPC)
Processor AMD Ryzen 9 5900x @stock | i7 2600k
Motherboard Gigabyte X570 Aorus Pro WIFI m-ITX | Some POS gigabyte board
Cooling Deepcool AK620, BQ shadow wings 3 High Spd, stock 180mm |BQ Shadow rock LP + 4x120mm Noctua redux
Memory G.Skill Ripjaws V 2x32GB 4000MHz | 2x4GB 2000MHz @1866
Video Card(s) Powercolor RX 6800XT Red Dragon | MSI LP GT 1030
Storage SX8200 Pro 1TB, 1TB KC3000, 850EVO 500GB, 2+8TB Seagate, LG Blu-ray | 120GB Sandisk SSD, 4TB WD red
Display(s) Samsung UJ590UDE 32" UHD monitor | LG BX 55"
Case Silverstone TJ08B-E | Custom built wooden case (Aus native timbers)
Audio Device(s) Onboard, Sennheiser HD 599 cans | Logitech z163's
Power Supply Corsair HX 750 | Corsair SF 450
Mouse Microsoft Pro Intellimouse| Some logitech one
Keyboard GMMK w/ Zelio V2 62g (78g for spacebar) tactile switches & Glorious black keycaps| Some logitech one
Software Win 10 Edu | Ubuntu 22.04
Benchmark Scores Look in the various benchmark threads
Damn, thanks for the excellent detective work there @Solaris17, They did a good job setting up the sites for it, only just for a credentials harvesting scam. Hopefully you can manage to pin down how your account was compromised by them.


Freshwater Moderator
Staff member
Oct 6, 2004
57,149 (8.38/day)
System Name Rainbow Sparkles (Power efficient, <350W gaming load)
Processor Ryzen R7 5800x3D (Undervolted, 4.45GHz all core)
Motherboard Asus x570-F (BIOS Modded)
Cooling Alphacool Apex UV - Alphacool Eisblock XPX Aurora + EK Quantum ARGB 3090 w/ active backplate
Memory 2x32GB DDR4 3600 Corsair Vengeance RGB @3866 C18-22-22-22-42 TRFC704 (1.4V Hynix MJR - SoC 1.15V)
Video Card(s) Galax RTX 3090 SG 24GB: Underclocked to 1700Mhz 0.750v (375W down to 250W))
Storage 2TB WD SN850 NVME + 1TB Sasmsung 970 Pro NVME + 1TB Intel 6000P NVME USB 3.2
Display(s) LG 32" 4K60 | Kogan 32" 4K60 | Gigabyte G32QC (1440p165) | Phillips 328m6fjrmb (1440p144)
Case Fractal Design R6
Audio Device(s) Logitech G560 | Corsair Void pro RGB |Blue Yeti mic
Power Supply Fractal Ion+ 2 860W (Platinum) (This thing is God-tier. Silent and TINY)
Mouse Logitech G Pro wireless + Steelseries Prisma XL
Keyboard Razer Huntsman TE ( Sexy white keycaps)
VR HMD Oculus Rift S + Quest 2
Software Windows 11 pro x64 (Yes, it's genuinely a good OS) OpenRGB - ditch the branded bloatware!
Benchmark Scores Nyooom.
Funnily enough i was online with another TPUer, he got the scam messages and i didnt


Knows what makes you tick
Jan 24, 2006
9,397 (1.48/day)
System Name Budget Gaming
Processor AMD FX6300
Motherboard Gigabyte 880GMA-USB3
Cooling Coolermaster Hyper 212+
Memory 8GB Ripjaws DDR3 1600
Video Card(s) HD7850 1GB
Storage 1TB Sata2
Display(s) Acer 24" LED
Case Generic black
Audio Device(s) Stock onboard
Power Supply FSP Aurum Gold 650W
Software Windows 7 Home Premium 64bit
Man, that's a lot of digging you did. Glad to help you out.
May 31, 2017
863 (0.39/day)
System Name Blackbox
Processor AMD Ryzen 7 3700X
Motherboard Asus TUF B550-Plus WiFi
Cooling Scythe Fuma 2
Memory 2x8GB DDR4 G.Skill FlareX 3200Mhz CL16
Video Card(s) MSI RTX 3060 Ti Gaming Z
Storage Kingston KC3000 1TB + WD SN550 1TB + Samsung 860 QVO 1TB
Display(s) LG 27GP850-B
Case Lian Li O11 Air Mini
Audio Device(s) Logitech Z200
Power Supply Seasonic Focus+ Gold 750W
Mouse Logitech G305
Keyboard MasterKeys Pro S White (MX Brown)
Software Windows 10
Benchmark Scores It plays games.
Gotta admit that scam page is pretty ingenious.

Also, I just tried to check in Steam's account page what apps and sites are using my steam account and I couldn't find anything. Is there such a page or do you only get the option to deauthorize all access?

Deleted member 24505

Nice, glad you sorted it. I will not use my steam sign in on any page at all unless it is steams main page or my steam win proggie.
Oct 21, 2005
6,769 (1.05/day)
System Name Computer of Theseus
Processor Intel i9-12900KS: 50x Pcore multi @ 1.18Vcore (target 1.275V -100mv offset)
Motherboard EVGA Z690 Classified
Cooling Noctua NH-D15S, 2xThermalRight TY-143, 4xNoctua NF-A12x25,3xNF-A12x15, 2xAquacomputer Splitty9Active
Memory G-Skill Trident Z5 (32GB) DDR5-6000 C36 F5-6000J3636F16GX2-TZ5RK
Video Card(s) EVGA Geforce 3060 XC Black Gaming 12GB
Storage 1x Samsung 970 Pro 512GB NVMe (OS), 2x Samsung 970 Evo Plus 2TB (data 1 and 2), ASUS BW-16D1HT
Display(s) Dell S3220DGF 32" 2560x1440 165Hz Primary, Dell P2017H 19.5" 1600x900 Secondary, Ergotron LX arms.
Case Lian Li O11 Air Mini
Audio Device(s) Audiotechnica ATR2100X-USB, El Gato Wave XLR Mic Preamp, ATH M50X Headphones, Behringer 302USB Mixer
Power Supply Super Flower Leadex Platinum SE 1000W 80+ Platinum White
Mouse Zowie EC3-C
Keyboard Filco Majestouch 2 Tenkeyless Red
Software Win 10 LTSC 21H2
Thanks for the information on this credential breech I have always been wary of any steam account linkage, but I will be more so going forward.

Easy Rhino

Linux Advocate
Staff member
Nov 13, 2006
15,189 (2.51/day)
System Name Desktop
Processor i5 13600KF
Motherboard AsRock B760M Steel Legend Wifi
Cooling Noctua NH-U9S
Memory 2x 16 Gb Gskill S5 DDR5 5000
Video Card(s) Gigabyte Gaming OC 6750 XT 12GB
Storage Samsung 970 EVO 1 TB m.2 NVMe
Display(s) Gigabye M32U
Case Corsair Carbide 400C
Audio Device(s) On Board
Power Supply EVGA Supernova 650 P2
Mouse MX Master 3s
Keyboard Logitech G915 Wireless Clicky
Software The Matrix
Yes, this is another example of why using "sign in 'X'" is bad end user security practice.
Feb 9, 2020
375 (0.31/day)
Panama City Beach, Florida
System Name Singularity
Processor Intel® Core™ Processor i9-13900KF 8P/16 + 16E 3.00GHz [Turbo 5.7GHz] 36MB Cache LGA1700
Motherboard ASUS PRIME Z790-P
Cooling CyberpowerPC MasterLiquid Lite 240mm ARGB CPU Liquid Cooler
Memory 32GB (16GBx2) DDR5/6000MHz Dual Channel Memory (KINGSTON FURY BEAST RGB)
Video Card(s) GeForce RTX™ 4080 16GB
Storage 2TB WD BLACK SN850X (PCIe Gen4) NVMe M.2 SSD - Seq R/W: Up to 7300/6600 MB/s, Rnd R/W up to 1200/110
Display(s) LG 34''
Case CyberPowerPC HYTE Y60 Dual Chamber Mid-Tower Gaming Case w/ Panoramic View Tempered Glass + 2x120mm
Audio Device(s) Asus Strix w/Alan Finote mod for Windows 11
Power Supply High Power 1300W 80+ GOLD Full Modular w/ PCIE 12+4Pins Connector for PCIe 5.0 graphics cards
Mouse Steelseries Rival 600 wired
Keyboard Steelseries Apex 7 TKL red Switch
Software Win 11 Pro
Thanks so much for sharing this and taking the time to be detailed. I'm sure it will help others.
Sep 17, 2014
18,746 (5.89/day)
The Washing Machine
Processor i7 8700k 4.6Ghz @ 1.24V
Motherboard AsRock Fatal1ty K6 Z370
Cooling beQuiet! Dark Rock Pro 3
Memory 16GB Corsair Vengeance LPX 3200/C16
Video Card(s) ASRock RX7900XT Phantom Gaming
Storage Samsung 850 EVO 1TB + Samsung 830 256GB + Crucial BX100 250GB + Toshiba 1TB HDD
Display(s) Gigabyte G34QWC (3440x1440)
Case Fractal Design Define R5
Audio Device(s) Harman Kardon AVR137 + 2.1
Power Supply EVGA Supernova G2 750W
Mouse XTRFY M42
Keyboard Lenovo Thinkpad Trackpoint II
Software W10 x64
Thx for sharing this!

Never link accounts and use the login anywhere else than the service itself. It can never end well and never did so far. From Facebook pixels to this... The web you get into is too complicated to unscrew and it shall screw you over.

Every time I come back to KISS... complexity is what's killing us slowly.
Nov 24, 2018
1,957 (1.18/day)
south wales uk
System Name 1. The Devils Dialysis VR rig 2. intel teliscope rig 3.MSI GP72MVR Leopard Pro .
Processor 1.3900x @stock 2. i7 7700k @5. 3. i7 7700hq
Motherboard 1.aorus x570 ultra 2. z270 Maximus IX Hero
Cooling 1.Hard tube loop, cpu and gpu 2. Hard loop cpu and gpu
Memory 1.hyperx preditor @3600 16gb 2.vengence 32gb @3000 3. 16gb hyperx @2400
Video Card(s) 1.Aorus Xtreme RTX2080 Waterforce 2. MSI 1080 8gb with EKWB 3. 1060 3gb.
Storage 1 M.2 500gb , 2 3tb HDs 2. 256gb ssd, 3tbHD 3. 256 m.2. 1tb ssd
Display(s) 1.LG 50" UHD , oculus rift S.2 MSI Optix MAG342C UWHD. SONY bravia 1080p, . 3.17" 120 hz display
Case 1. Thermaltake P5 2. Thermaltake P3
Audio Device(s) 1 Onboard 2 Onboard 3 Onboard
Power Supply 1.seasonic gx 850w 2. seasonic gx 750w
Mouse 1 ROG Gladius 2 Corsair m65 pro
Keyboard 1. ROG Strix Flare 2. Corsair F75 RBG 3. steelseries RBG
VR HMD rift and rift S and Quest 2.
Software 1. win10 pro 2. win10 pro 3, win10 home
Benchmark Scores 1.7821 cb20 ,cb15 3442 1c 204 cpu-z 1c 539 12c 8847 2. 1106 cb 3.cb 970
well done buddy, i havnt had anything yet but thanks to your heads up ill be on the look out.
Jul 16, 2014
8,019 (2.47/day)
SE Michigan
System Name Dumbass
Processor AMD Ryzen 7800X3D
Motherboard ASUS TUF gaming B650
Cooling Artic Liquid Freezer 2 - 420mm
Memory G.Skill Sniper 32gb DDR5 6000
Video Card(s) GreenTeam 1080 Gaming X 8GB
Storage Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse forgot....
Keyboard Corsair K100
Software windows 10 H
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2
So how exactly does one get compromised here?

Clicking on the link from a steam message that takes you to a browser page? Or is it from an email?
Oct 30, 2008
1,901 (0.36/day)
Processor 5930K
Motherboard MSI X99 SLI
Cooling WATER
Memory 16GB DDR4 2132
Video Card(s) EVGAY 2070 SUPER
Display(s) Catleap/Yamakasi 2560X1440
Case D Frame MINI drilled out
Audio Device(s) onboard
Power Supply Corsair TX750
Keyboard Razer Black Widow Tournament
Software W10HB
Benchmark Scores PhIlLyChEeSeStEaK
Its the Damn Russians!!!!

Good sloth work man!
Aug 20, 2007
19,406 (3.36/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) EVGA GeForce RTX 3090 Ti FTW3
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply EVGA SuperNova 850W T2
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (yes, it's legit)
Russia is indeed up to something.

Somewhat unrelated, but several of my OSS projects have been retroactively flagged by Windows Defender as malware, about three times. Tracing the origin of the file hash they are acting on led me to a report by none other than Kaspersky that my file was an "email trojan." Funny, because my source is all fully present and doesn't even touch anything to do with email.

The funny part is, my file was a zip archive, and rezipping it to change the hash cleared the supposed virus.

Strange shit be going down.
Feb 20, 2019
5,933 (3.79/day)
System Name Bragging Rights
Processor Atom Z3735F 1.33GHz
Motherboard It has no markings but it's green
Cooling No, it's a 2.2W processor
Memory 2GB DDR3L-1333
Video Card(s) Gen7 Intel HD (4EU @ 311MHz)
Storage 32GB eMMC and 128GB Sandisk Extreme U3
Display(s) 10" IPS 1280x800 60Hz
Case Veddha T2
Audio Device(s) Apparently, yes
Power Supply Samsung 18W 5V fast-charger
Mouse MX Anywhere 2
Keyboard Logitech MX Keys (not Cherry MX at all)
VR HMD Samsung Oddyssey, not that I'd plug it into this though....
Software W10 21H1, barely
Benchmark Scores I once clocked a Celeron-300A to 564MHz on an Abit BE6 and it scored over 9000.
So is this image...


...actually a fake Chrome Window? Could you move it around within the page?

Sneaky futhermuckers!

I don't cross link anything either - it just increases your risk exposure in both scope and chance.