There is a scam going around, where scammers try to get your login info by inviting you to playtest a random title. I wouldn't risk it.
Game will be available in Early Access in less than a month either way.

Scam. Devs themselves said that there is no playtest.

https://store.steampowered.com/news/app/1431300/view/538847639944299860

引用自 Pocahawtness：

I received a playtest invite today, which of course requires you to login to accept. The question is, is the playtest legit?

The question is that of the URL. Is the URL requiring you to log in legit or the "good" old phishing?
Don't omit the most important detail!

I didn't want to include the link, because it includes the invite number. I've crossed it out here....


https://store.steampowered.inviteXXXXXX.com/playtest/invitetoplaytest/PlaytestSANDonSteam

If it's a scam then a good friends account has been compromised. I need to report that.

引用自 Pocahawtness：

I didn't want to include the link, because it includes the invite number. I've crossed it out here....


https://store.steampowered.inviteXXXXXX.com/playtest/invitetoplaytest/PlaytestSANDonSteam

Yup, that's phishing. That's absolutely & obviously (if you know what phishing is) phishing. This couldn't be any more obvious phishing, actually.

Thank you so much.
I am always extremely wary of external links but it was an excellent piece of phishing. It looks very real. The only giveaway was that I realised the invite number (the XXXXX) was actually a part of the domain name which seemed very wrong.
I have reported my friends account as compromised.
Again, thank you all.

引用自 Pocahawtness：

Thank you so much.
I am always extremely wary of external links but it was an excellent piece of phishing. It looks very real. The only giveaway was that I realised the invite number (the XXXXX) was actually a part of the domain name which seemed very wrong.
I have reported my friends account as compromised.

Pro tip: a good browser will tell you what's the actual domain by highlighting it. If yours doesn't, switch to one that does. From the URL you posted, store.steampowered is a subdomain, not the domain. Once you realize that, it's blatantly obvious phishing. Switch to a browser that helps you identify the actual domain.

Just to make sure, I have changed my password, even though I am 100% sure I didn't give away any information while checking out the link. I'm extra careful about this sort of thing.

I'm not quite sure how I managed to display the link, but at some point I did. Now it just returns that the address does not exist. Anyway, password changed just to be on the safe side.

Okay so i'm an absolute idiot, i shouldn't have clicked the link without second thought and all that. Though i did it without thinking straight as it came from a friend, but what do i do now that i did click the link?

I clicked on it and logged in using the authentication qr code method (i never realized it was odd that it made me log in cause i'm not logged in the browser steam, though i guess i should've seen the red flags when it even made me go into the browser). I realized that for some reason my authenticator got removed and well yeah. I got back on it after a few minutes though, changed my password and removed all my authorized devices and logged back in on my pc and phone. Should i change passwords to everything i have related to the email? All of my accounts using the same email have a different password than the steam one.

Does anyone know, whats the chance of something happening to either my steam account or my other accounts that are either related to the steam used email, or in general that i have on my pc???

引用自 Tiina：

Okay so i'm an absolute idiot, i shouldn't have clicked the link without second thought and all that. Though i did it without thinking straight as it came from a friend, but what do i do now that i did click the link?

I clicked on it and logged in using the authentication qr code method (i never realized it was odd that it made me log in cause i'm not logged in the browser steam, though i guess i should've seen the red flags when it even made me go into the browser). I realized that for some reason my authenticator got removed and well yeah. I got back on it after a few minutes though, changed my password and removed all my authorized devices and logged back in on my pc and phone. Should i change passwords to everything i have related to the email? All of my accounts using the same email have a different password than the steam one.

Does anyone know, whats the chance of something happening to either my steam account or my other accounts that are either related to the steam used email, or in general that i have on my pc???

Follow steps 1-6 to secure your account:

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

If you want to be sure - change email password from clean device.

引用自 Aluvard：

引用自 Tiina：

Okay so i'm an absolute idiot, i shouldn't have clicked the link without second thought and all that. Though i did it without thinking straight as it came from a friend, but what do i do now that i did click the link?

I clicked on it and logged in using the authentication qr code method (i never realized it was odd that it made me log in cause i'm not logged in the browser steam, though i guess i should've seen the red flags when it even made me go into the browser). I realized that for some reason my authenticator got removed and well yeah. I got back on it after a few minutes though, changed my password and removed all my authorized devices and logged back in on my pc and phone. Should i change passwords to everything i have related to the email? All of my accounts using the same email have a different password than the steam one.

Does anyone know, whats the chance of something happening to either my steam account or my other accounts that are either related to the steam used email, or in general that i have on my pc???

Follow steps 1-6 to secure your account:

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

If you want to be sure - change email password from clean device.

Big thank you! I've done everything, but the revoking API key, as i am a little confused. When clicking the link i have to register, does it mean i have nothing to revoke or do i still have to register to check?

APIKEY needs to be empty. If only thing available is "register" button and nothing else, then you're safe.

引用自 Aluvard：

APIKEY needs to be empty. If only thing available is "register" button and nothing else, then you're safe.

Okayy, thats good to hear then. I've changed my password and email, but now ive gotten new sign in request notifications teice, thought i never got the big confirmation screen, and i've been checking my authorized devices. Any idea if that might be the hacker or its just some weird glitch from changing emails and logging out of the pc app steam?

I'd recommend checking out All Things Secured's video on phishing scams and how to spot them, just to help you avoid possible scams in the future. The STOP method is really good practice, especially in this day and age.

Also, be sure you have a unique, strong, randomized password for all your accounts (try Proton Pass, it's absurdly easy to use) and definitely make sure you use Steam's mobile app for Steam Guard. It allows you to log in by scanning a QR code through the Steam app, which essentially makes it so that even if you try to log in via the app on a phishing site, they don't have all the information necessary to sign into your account. This means logging in is both far more convenient while also being far more secure. It's worth it, especially if you value your Steam account. Just be sure to store that backup code safely, preferably in your password manager.