Daily login attempts from China - Should I be worried?
So I've been getting emails daily for about a week now telling me (US resident) that someone in China has been logging in to my steam account. The emails contain the five digit code that would be needed to complete the login (because I have the email authentication set up for logins with new devices). I've also downloaded the mobile authenticator app thing, so I'm fairly certain they can't actually finish logging in to access my account. But I'm worried that they keep having the correct password for my steam account, even though I've changed it every day since this started and I'm using 12 digit random strings of characters as passwords. I've also signed out of steam on all devices and scanned for keyloggers using AVG free, Malwarebytes, and the default Windows antivirus program.

Has anyone else had similar issues?

And does anyone know, if they have managed to hack into my email as well (also been changing that password just in case), will the need for the mobile authenticator code prevent them from completing the login?
Satoru Jul 29, 2022 @ 3:22pm 
It means someone has your username/password combination

If you changed your password, it's possible your local account is also compromised in some way
HikariLight Jul 29, 2022 @ 3:28pm 
If you use any 3rd party sites that have you log in with your Steam account, that's your problem right there.
Change your password from a different and secure device, like your phone or another computer, and ensure Steam Guard is active for your account.
UCEY Jul 29, 2022 @ 8:36pm 
Someone has your username and password. Change your password and your email and sign out from any third party website you're signed into
Wizardhermit Jul 29, 2022 @ 8:54pm 
It is possible for these to also be fake. I get fake "login" attempts all the time and I know they are fake because they use my username and not my account name, and also the emails get sent to my normal email and not the email I have set up specifically and only for Steam, and sometimes they are even in Chinese or Russian.
Last edited by Wizardhermit; Jul 29, 2022 @ 8:58pm
green Jul 29, 2022 @ 10:29pm 
I’m guessing that the attacker is using qoble (a brute force attack for steam) and that’s why they can gain access to your account. They can’t do anything though; I would just change your email password (just in case) and wait until they give up.
Dr.Shadowds 🐉 Jul 29, 2022 @ 11:03pm 
Since they know your login name, and password, I suggest you do these steps ASAP.
1. Scan for malware. https://www.malwarebytes.com/

2. Change your password; if you use the same old password on another service, make sure to change that too.

3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage

4. Generate new backup codes. https://store.steampowered.com/twofactor/manage

5. Revoke the API key. https://steamcommunity.com/dev/apikey <--- Should be nothing there.


Here are tips and examples to help give you an idea of the types of scams and phishing attacks that happen online daily that people can fall for. It doesn't matter if you think it won't happen to you; it can happen if you're not paying attention, as some are very good tricks.
Originally posted by Dr.Shadowds 🐉:
Here are the most common reasons people get accounts hijacked, for any service really:
- Sharing account information with others. <--- Very common with impersonators, pretending to be Steam admin / support.
- Logging in on phishing sites. <--- Very common with skin gambling sites.
- Downloading / Installing a Virus / Keylogger on your system.
- Using public devices that have keyloggers, such as cyber cafe or school computers, etc...
- Storing your login credentials on an unsecured service that others have access to view.
- Using the same login credentials for all your things, or using the same login credentials on another service that had a data leak. Yes, it does matter, because even if it's not related to Steam, if you're using the same login credentials, hijackers will try to use those credentials to see what services you use with those credentials. https://haveibeenpwned.com/

https://youtu.be/9TRR6lHviQc

The types of stories scammers tell you.

- "Hey vote for my team", and they link you to a phishing site and try to get you to log in.

- "Hey I can't add you, please add me", and they try to start their scam with you.

- If you're friends with someone that got their account hijacked, you get scam messages like "I report you", "you been banned", and whatever to try to scare you, and they tell you to trade your items to them; or, if you logged in to a phishing site, there may be an API key on the account that redirects trades; they ask you to give them money, etc...

- If your account already got compromised by them, they change your display name to banned, or whatever, and your display picture as well; they may delete your friends and try to spend your wallet funds if you have any, and also trade all your items. But if they see you have the mobile authenticator attached, they play their scam to get you to confirm the trade, to get your items off your account to their account quicker if they're able to trick you into confirming the trade.


I'll show you a few examples.
https://steamcommunity.com/sharedfiles/filedetails/?id=2329645315
https://steamcommunity.com/sharedfiles/filedetails/?id=2570975058

https://youtu.be/JuWHCBeZrqI
https://www.youtube.com/watch?v=kook1DlxDAw
https://www.youtube.com/watch?v=0DDnV-MHSaY
https://www.youtube.com/watch?v=WfTXxLraokE

https://steamcommunity.com/discussions/forum/1/4956744526904317093/#c4956744526904653890
myriadmystery Jul 30, 2022 @ 12:21am 
Thank you all for your help! I did have my steam account linked through Humble Bundle, I've unlinked that now. I'm also going to set up a different email address for my steam account to rule out whether or not the emails are fake. They look identical (comparing them to the authenticator emails I was getting every time I logged in) but I'd like to rule it out. I'll post my results in this thread in case it can help anyone else out with the same issue.
Last edited by myriadmystery; Jul 30, 2022 @ 12:23am
Dr.Shadowds 🐉 Jul 30, 2022 @ 12:35am 
Originally posted by myriadmystery:
Thank you all for your help! I did have my steam account linked through Humble Bundle, I've unlinked that now. I'm also going to set up a different email address for my steam account to rule out whether or not the emails are fake. They look identical (comparing them to the authenticator emails I was getting every time I logged in) but I'd like to rule it out. I'll post my results in this thread in case it can help anyone else out with the same issue.
Another thing that can happen is having more than one account using the same email, as you can have many accounts use the same email and phone number for all of them. So try doing account recovery, put in your email, and if you see more than one account, that might be the reason why you're getting those emails.

And yes, you'd be right, there are fake emails scammers send where they try their best to trick people into clicking links to log in, and steal their accounts.
Kargor Jul 30, 2022 @ 8:12am 
Originally posted by Carry potter:
I’m guessing that the attacker is using qoble (a brute force attack for steam) and that’s why they can gain access to your account

Most online services should temporarily block access to an account from a specific IP address if there are too many failed logins; this would make a brute-force attack on random Steam accounts prohibitively expensive.

There's a much much much higher chance that they are simply using an accountname/password that they have gotten from a scam site, or something that came out of an entirely different site because the user used the same combo elsewhere. Thus, no brute force attack, but their script, apparently, can't handle Steam Guard and keeps trying.

i would just change your email password

That's completely useless. If they had access to the EMail account they would have used the Steam Guard code already...
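Added example, not part of any post in this thread: a small classifier showing how the two patterns Kargor contrasts look in login records. The event format, the verdict labels and the lockout threshold of 5 are assumptions made for illustration, not Steam's actual logs or limits, and the lockout is a plain per-IP counter with no time window.

```python
from collections import defaultdict

MAX_BAD_PW_PER_IP = 5  # assumed lockout threshold, not a documented Steam value

# Constructed events: (account, source_ip, password_ok, second_factor_ok)
EVENTS = (
    [("alice", f"198.51.100.{n}", True, False) for n in (4, 18, 77)]  # right password, no code
    + [("bob", "203.0.113.9", False, False)] * 8                      # guessing from one IP
    + [("carol", "192.0.2.30", True, True)]                           # normal login
)

def classify(events, max_bad=MAX_BAD_PW_PER_IP):
    """Label each account by the failure pattern seen in its login events."""
    bad_by_ip = defaultdict(int)
    stats = defaultdict(lambda: {"bad_pw": 0, "stopped_at_2fa": 0, "blocked": 0})
    for account, ip, pw_ok, code_ok in events:
        s = stats[account]
        if bad_by_ip[ip] >= max_bad:
            s["blocked"] += 1          # IP is locked out; the guess is never evaluated
        elif not pw_ok:
            bad_by_ip[ip] += 1
            s["bad_pw"] += 1
        elif not code_ok:
            s["stopped_at_2fa"] += 1   # password was correct, login died at the code prompt
    verdicts = {}
    for account, s in stats.items():
        if s["stopped_at_2fa"] >= 2 and s["bad_pw"] == 0:
            verdicts[account] = "leaked-credentials"   # never guessed wrong: password was known
        elif s["blocked"] or s["bad_pw"] >= max_bad:
            verdicts[account] = "guessing-blocked"
        else:
            verdicts[account] = "normal"
    return verdicts, dict(stats)

if __name__ == "__main__":
    verdicts, stats = classify(EVENTS)
    for account in verdicts:
        print(account, verdicts[account], stats[account])
```

Repeated second-factor prompts with no wrong-password attempts before them, as in the "alice" rows, match the thread's situation: the password is already known elsewhere and the second factor is the only thing stopping the login.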
J4MESOX4D Jul 30, 2022 @ 8:26am 
First thing you should've done was check the account name in the email matches the one you use, because many users in this situation have dud accounts they've forgotten about or don't realise they created previously, and it is those that are suddenly being targeted in bot sweeps but thwarted by the guard. It does not mean your main account is suddenly under a relentless phishing attack, so check the account name and if you do have a dud then secure or delete it.
☞C-BOY || ღ Jul 30, 2022 @ 8:34am 
I don't
GuudBooi Jul 30, 2022 @ 9:13am 
Originally posted by myriadmystery:
Thank you all for your help! I did have my steam account linked through Humble Bundle, I've unlinked that now. I'm also going to set up a different email address for my steam account to rule out whether or not the emails are fake. They look identical (comparing them to the authenticator emails I was getting every time I logged in) but I'd like to rule it out. I'll post my results in this thread in case it can help anyone else out with the same issue.
I doubt that Humble Bundle can be a problem, but it's fine unlinking your Steam account from there since there is no reason for it to be linked; I did the same. I would suggest the deauthorize all devices and revoke API key part that someone suggested.
The author of this thread has indicated that this post answers the original topic.
wuddih Jul 30, 2022 @ 9:52am 
these emails mention the account name, account name is not changeable on Steam. check that.

it is most likely that an accidentally created and/or forgotten other Steam account on the same email, combined with a data breach somewhere else - check haveibeenpwned.com - generates those mails because breach data is used to take control of any accounts.

one reason why you should never re-use passwords across any accounts
Spazmantiz Aug 17, 2023 @ 1:11am 
I have a similar situation. Steam told me that someone is trying to log in to my account from China, but the email is written in Thai.
J4MESOX4D Aug 17, 2023 @ 1:18am 
Originally posted by Spazmantiz:
I have a similar situation. Steam told me that someone is trying to log in to my account from China, but the email is written in Thai.
Doesn't matter where they are - secure your account with the steps provided in #6. Also that scam site you have in your name history is a likely culprit as are all of these 3rd party ones.

Date Posted: Jul 29, 2022 @ 2:47pm
Posts: 15