fastdak25 May 23, 2021, 11:27 PM
How do I stop a brute force (if that's the right word) attempt to access my account
The last few days I've been getting spammed constantly with emails from Steam saying someone is trying to access my account, sending access codes for a user verification. The IPs have been mostly Russian. Thanks.
Showing 1 - 15 of 19 comments
Cathulhu May 24, 2021, 12:05 AM
That means either you receive a ton of phishing mail; check if the mail is actually legit, like does it contain your account name? Is it really from Valve?

Or, someone already knows your account name AND password meaning that the SteamGuard code is the only thing left protecting you from someone taking over your account.
Kargor May 24, 2021, 12:30 AM
That's not technically a brute force attack, since they already know your login credentials. It might just be an automated system that doesn't realize it's not going to work.

Do change your password, and think about how they got your username/password to see whether you need to take further action to close that leak.
Last edited by Kargor; May 24, 2021, 12:30 AM
Supafly May 24, 2021, 12:53 AM
Brute forcing doesn't work unless they can try every possible combination in a short amount of time. As such, brute forcing doesn't work on Steam accounts. The account gets temporarily locked out after so many tries and they need to wait x hours before they can try again. Even if they get or have the correct username and password they'd still need your Steam Guard code, and that's constantly changing.

The only way for someone to gain access is if they know your username, password and live Guard code, and they need to use it all within a small space of time before the Guard code changes, making it all worthless.
Tito Shivan May 24, 2021, 1:34 AM
Is it a login attempt or a recovery one?
They're different situations. In the first one someone has gotten hold of both your username and password. In such a case it's advisable to change your password in a secured machine and to scan your computer in case you've gotten malware installed.

If they're account recovery mails it only means your account name has been leaked (Maybe it's also used for a different service which got compromised) and the attacker is going through the account recovery help. In this situation no password has been compromised.
fastdak25 May 24, 2021, 1:45 AM
The emails send a code saying an attempt to log in with both username and password were used. I had just recently changed my password though, and using a VPN while doing so.
Kargor May 24, 2021, 1:56 AM
Originally posted by fastdak25:
the emails send a code saying an attempt to log in with both username and password were used. I had just recently changed my password though,

That's why you need to find out how they could know the credentials.

Also, double-check that it actually refers to the account that you think it's about. I had this a while back -- I was completely baffled by how anyone could get the correct credentials for my account, until I realized that this was about an account I didn't even remember making, and an "oh, so that's how" fell into place right away.

There's the claim that there's malware that's targeting Steam, although I don't know why they would just go with username+password. More likely, in my opinion, is you actually telling them your account info, willingly (for some obscure trading mechanic) or unwillingly (by giving you a link that leads to a look-alike but still very fake Steam site -- but then again, such a site would yield better results if they gave you the Steam Guard query right away).

Either way, find out what account the logins are referring to, and think about how username+password escaped your custody.
✨Saint✨ May 24, 2021, 2:18 AM
You can check who leaked your email here: https://haveibeenpwned.com/

My data was leaked by various games on Steam before; the naming and shaming policy does not allow me to name those. Just run a background check before signing up with any company/game.

:saint:


Cat May 24, 2021, 4:20 AM
Make sure your password is complicated and unique (do not reuse same or similar on other websites and services)

and enable steam guard.
Muppet among Puppets May 24, 2021, 7:33 AM
Originally posted by fastdak25:
the emails send a code saying an attempt to log in with both username and password were used.
And does the email contain your login name,
and it's not part of the email address?
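
Added example, not part of any post in this thread: a Python sketch of the checks Cathulhu and Muppet among Puppets ask about (does the mail come from the expected sender, does it name the account, and is that name more than the local part of the email address). The sample messages, the domains `sender.example` and `mail.example`, the account name and the `triage` helper are constructed assumptions; the Authentication-Results header only means something when it was written by your own mail provider.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample messages; every name and domain here is made up.
SAMPLE_GOOD = """\
From: Steam Support <noreply@sender.example>
To: player@mail.example
Subject: Access from new computer
Authentication-Results: mail.example; dkim=pass header.d=sender.example

Here is the code you need to log in to account examplelogin:
ABCDE
"""

SAMPLE_PHISH = """\
From: Steam Support <support@sender-help.example>
To: player@mail.example
Subject: Your account has been banned
Authentication-Results: mail.example; dkim=pass header.d=sender-help.example

Dear player, verify your account at the link below.
"""

def triage(raw, account_name, expected_domain):
    """Return the individual checks for one raw message (hypothetical helper)."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    to_local = parseaddr(str(msg["To"]))[1].partition("@")[0].lower()
    auth = str(msg.get("Authentication-Results", "")).lower()
    dkim = re.search(r"dkim=pass\b[^;]*header\.d=([\w.-]+)", auth)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content().lower() if part else ""
    name = account_name.lower()
    return {
        # The visible sender must be the domain real mail arrives from.
        "from_domain_ok": from_domain == expected_domain,
        # DKIM passing only proves who signed; it must match the From domain.
        "dkim_aligned": bool(dkim) and dkim.group(1) == from_domain,
        # Genuine login mail names the account it is about.
        "names_account": re.search(rf"\b{re.escape(name)}\b", body) is not None,
        # If the name is in the address, a sender who only knows the address can guess it.
        "name_guessable_from_address": name in to_local,
    }
```

The second sample passes DKIM for the sender's own look-alike domain, which is why `dkim_aligned` is read together with `from_domain_ok` and never alone.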
( ( < < <🤖> > > ) ) May 24, 2021, 9:41 AM
Originally posted by Saint:
You can check who leaked you email here: https://haveibeenpwned.com/

My data was leaked by various games on Steam before, the naming and shaming policy do not allow me to name those, just run a background check before signing up with any company/ game.

:saint:

thanks saint...

i wish they had this for phone numbers..
✨Saint✨ May 24, 2021, 10:40 AM
Originally posted by ragefifty50:
Originally posted by Saint:
You can check who leaked you email here: https://haveibeenpwned.com/

My data was leaked by various games on Steam before, the naming and shaming policy do not allow me to name those, just run a background check before signing up with any company/ game.

:saint:

thanks saint...

i wish they had this for phone numbers..

You can use the same site for phone numbers.

:saint:
Dr.Shadowds 🐉 May 24, 2021, 10:46 AM
There have been fake emails going around from scammers, so you have to watch out for those. They say whatever bait story to get you to panic and click their link in the email; that's why you watch out for those things.

Also, you shouldn't be logging in from 3rd party sites, as there are a lot of phishing sites.

Here are the most common reasons people get accounts hijacked, for any service really:
- Sharing account information with others. <--- Very common with impersonators, pretending to be Steam admin / support.
- Logging in on phishing sites. <--- Very common with skin gambling sites.
- Downloading / installing a virus / keylogger on your system.
- Using public devices that have keyloggers, such as cyber cafe, school computers, etc.
- Storing your login credentials on an unsecured service that others have access to view.
- Using the same login credentials for all your things, or using the same login credentials on another service that had a data leak. Yes, it does matter, because even if it's not related to Steam, if you're using the same login credentials, hijackers will try to use those credentials to see what services you use with those credentials. https://haveibeenpwned.com/

https://youtu.be/9TRR6lHviQc

The type of story scammers say to you.

- "Hey vote for my team", and they link you a phishing site link, and try get you to login.

- "Hey I can't add you, please add me", and they try to start their scam with you.

- If you're friends with someone that got their account hijacked, you get scam messages like "I reported you", "you've been banned", and whatever to try to scare you, and they tell you to trade your items to them, or, if you have logged in to a phishing site, you may have an API key on your account that redirects trades, they ask you to give them money, etc.

- If you already got your account compromised by them, they change your display name to banned, or whatever, your display picture as well, they may delete your friends, and try to spend your wallet funds if you have any, also trade all your items. But if they see that you have a mobile authenticator attached, they play their scam to get you to confirm the trade, to get your items off your account to their account quicker if they're able to trick you into confirming the trade.


I'll show you a few examples.
https://steamcommunity.com/sharedfiles/filedetails/?id=2329645315

https://youtu.be/JuWHCBeZrqI
https://www.youtube.com/watch?v=kook1DlxDAw
https://www.youtube.com/watch?v=0DDnV-MHSaY
https://www.youtube.com/watch?v=WfTXxLraokE

https://steamcommunity.com/discussions/forum/1/4956744526904317093/#c4956744526904653890
Quint the Alligator Snapper May 24, 2021, 11:19 AM
Originally posted by Tito Shivan:
If they're account recovery mails it only means your account name has been leaked (Maybe it's also used for a different service which got compromised) and the attacker is going through the account recovery help. In this situation no password has been compromised.
Sidenote: This is another illustration of why it's a good idea for Steam to implement a means to change one's login name.
Dr.Shadowds 🐉 May 24, 2021, 11:30 AM
Originally posted by Tito Shivan:
If they're account recovery mails it only means your account name has been leaked (Maybe it's also used for a different service which got compromised) and the attacker is going through the account recovery help. In this situation no password has been compromised.
Sidenote: This is another illustration of why it's a good idea for Steam to implement a means to change one's login name.
Problem is they need to provide something in order for support to aid them, and if they lack those key things to do account recovery, support won't be of any help to them unless they're able to get the owner of the account to provide that info in the first place.

Now OP said they were getting account login attempts, not account recovery, so it seems like scammers are collecting info from OP in some way, such as a phishing attack, or a compromised device, or even the VPN service OP said they were using, but we can't say for sure how someone is guessing their password unless we were there in person to see why and how.
Kargor May 24, 2021, 11:50 AM
Originally posted by Tito Shivan:
If they're account recovery mails it only means your account name has been leaked (Maybe it's also used for a different service which got compromised) and the attacker is going through the account recovery help. In this situation no password has been compromised.
Sidenote: This is another illustration of why it's a good idea for Steam to implement a means to change one's login name.

Not really. You just change the password, and the mails stop because Steam will not send you Steam guard codes for logins that don't work.


Originally posted by Saint:
My data was leaked by various games on Steam before

No, your data wasn't leaked by games -- because games don't even see usernames and passwords.

Date posted: May 23, 2021, 11:27 PM
Replies: 19