Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Discussions Rules and Guidelines
Report this post
Or, someone already knows your account name AND password meaning that the SteamGuard code is the only thing left protecting you from someone taking over your account.
Do change your password, and think about how they got your username/password to see whether you need to take further action to close that leak.
The only way for someone to gain access is if they know your username, password and live Guard code. and they need to use it all within a small space of time before the guard code changes making it all worthless.
They're different situations. In the first one someone has gotten hold of both your username and password. In such a case it's advisable to change your password in a secured machine and to scan your computer in case you've gotten malware installed.
If they're account recovery mails it only means your account name has been leaked (Maybe it's also used for a different service which got compromised) and the attacker is going through the account recovery help. In this situation no password has been compromised.
That's why you need to find out how they could know the credentials.
Also, double-check that it actually refers to the account that you think it's about. I had this a while back -- I was completely baffled by how anyone could get the correct credentials for my account, until I realized that this was about an account I didn't even remember making, and an "oh, so that's how" fell into place right away.
There's the claim that there's malware that's targeting Steam, although I don't know why they would just go with username+password. More likely, in opinion, is you actually telling them your account info, willingly (for some obscure trading mechanic) or unwillingly (by giving you a link that leads to look-alike but still very fake Steam site -- but then again, such a site would yield better results if they gave you the Steamguard query right away).
Either way, find out what account the logins are referring to, and think about how username+password escaped your custody.
My data was leaked by various games on Steam before, the naming and shaming policy do not allow me to name those, just run a background check before signing up with any company/ game.
and enable steam guard.
and its not part of the email address?
thanks saint...
i wish they had this for phone numbers..
You can use the same site for phone numbers.
Also shouldn't be logging in from 3rd party sites, as there's a lot phishing sites.
Here are the most common reason people get accounts hijack for any service really are as followed.
- Sharing account infomation with others. <--- Very common with impersonators, pretending to be Steam admin / support.
- Logging in on phishing sites. <--- Very common with skin gambling sites.
- Downloading / Installing Virus / Keylogger on your system.
- Using public devices that has keyloggers, such as cyber cafe, school computers, and etc...
- Storing your login credentials on a unsecured service that others has access to view.
- Using same login credentials for all your things, or using same login credentials on another service that had a data leak. Yes it does matter because even if it not related to Steam, if using same login credentials, hijackers will try to use those credentials to see what services you use with those credentials. https://haveibeenpwned.com/
https://youtu.be/9TRR6lHviQc
The type of story scammers say to you.
- "Hey vote for my team", and they link you a phishing site link, and try get you to login.
- "Hey I can't add you, please add me", and they try to start their scam with you.
- If you're friend with someone that got their account hijacked, you get scam message like, "I report you", "you been banned", and whatever to try scare you, and they tell you to trade your items to them, or if you have a login to phishing site may have a API key on account that redirect trades, they ask you to give them money, or etc...
- If you already got your account compromise by them, they change your display name to banned, or whatever, your display picture as well, they may delete your friends, and try to spend your wallet funds if you have any, also trade all your items, but if they see if you have mobile authenticator attached, they play their scam to get you to confirm the trade to get your items off your account to their account quicker if they're able to trick you into confirming the trade.
I show you few examples.
https://steamcommunity.com/sharedfiles/filedetails/?id=2329645315
https://youtu.be/JuWHCBeZrqI
https://www.youtube.com/watch?v=kook1DlxDAw
https://www.youtube.com/watch?v=0DDnV-MHSaY
https://www.youtube.com/watch?v=WfTXxLraokE
https://steamcommunity.com/discussions/forum/1/4956744526904317093/#c4956744526904653890
Now OP said was getting account login attempts not account recovery, so seem like scammers are collecting info from OP in some way such as phishing attack, or has a compromise device, or even VPN service OP said using, but can't say for sure how someone guessing their password unless we were there in person to see why, and how.
Not really. You just change the password, and the mails stop because Steam will not send you Steam guard codes for logins that don't work.
No, your data wasn't leaked by games -- because games don't even see usernames and passwords.