If they are 'trying" but failing. Sounds like Steam Guard is working just fine.

Now you need to figure out how you keep leaking out your credentials.

Originally posted by caraline12315:

Security is pointless

You are correct. It is pointless when people do things that bypass or ignore proper security measures, including keeping desirable items and information public.

I couldn’t agree with most of this on some point however I have maxed out every single security measure. I possibly could on all of my platforms, including making sure not a single password is the same logically, speaking even remotely, not using words or catchphrases or anything of the sort everything is maximum of 50 characters and over 120 different characters or letters, different combinations and such this is why I’m trying to figure out why somebody in Asia is trying to get into my stuff again for the fourth time so far it’s like I’m not using a password at all at this point i’m using two factor authentication on everything. I’m using USB‘s that have the passwords on them and that is secure it. This is wild. I’m not even using my main computer. I’m using a laptop that is set to encrypt everything in and out of it. With 128bit maybe I’m doing something wrong now?

Originally posted by caraline12315:

I couldn’t agree with most of this on some point however I have maxed out every single security measure. I possibly could on all of my platforms, including making sure not a single password is the same logically, speaking even remotely, not using words or catchphrases or anything of the sort everything is maximum of 50 characters and over 120 different characters or letters, different combinations and such this is why I’m trying to figure out why somebody in Asia is trying to get into my stuff again for the fourth time so far it’s like I’m not using a password at all at this point i’m using two factor authentication on everything. I’m using USB‘s that have the passwords on them and that is secure it. This is wild. I’m not even using my main computer. I’m using a laptop that is set to encrypt everything in and out of it. With 128bit maybe I’m doing something wrong now?

These people are not somekind of psychic. They get your credentials from somewhere. Unfortunately, I can't magically guess where the hole is. But, one thing is sure, if Steam's database was compromised, we would know. Oh yes we would know.

Also, fun-fact, Steam don't store password so "hacking" them in the traditional sense is rather pointless.

So, yeah, you've got a hole somewhere. But, there is no way anyone could find it for you unless we move to your place and watch over your shoulder 24/7

Firstly, make sure that the account being targeted in your main one. Many users have dud or old accounts bound to the same email that they have forgotten about or didn't realise they created and it is that account which is being bot-targeted. Double check that the account name on the email notifications match the account name you use to sign in with. People in this situation end up changing their main password pointlessly when that's not even the account that is being targeted.

Account length and complexity is also pretty limited because phishing aspects can obtain whole passwords if given away or captured by tailored malware. If it is your account that is being persistently targeted even after changes then it's also possible that you have harmful material embedded on your PC. Either way, this will not happen unless there is a leak your end of sorts. Priority is to ensure the account name is that of your main account.

I appreciate you thermal Lance I’m gonna try and figure some stuff out. Maybe do a security check on myself and figure out what comes with it.

Originally posted by caraline12315:

I appreciate you thermal Lance I’m gonna try and figure some stuff out. Maybe do a security check on myself and figure out what comes with it.

Hope you get it figured out. I had my own account hijacked once and it's not a fun experience. Good Luck.

It absolutely is the same account when I first made my account. I made sure I kept the same one for years and years and years so this account is really really old at this point and I try to take pride in having a steam account because realistically every single solitary Game I’ve owned I’ve lost in moving and what not so this is kind of sort of all I have and I’m gonna do that security check on my laptop when I get home to see if there’s something on there I don’t know about

Originally posted by caraline12315:

It absolutely is the same account when I first made my account. I made sure I kept the same one for years and years and years so this account is really really old at this point and I try to take pride in having a steam account because realistically every single solitary Game I’ve owned I’ve lost in moving and what not so this is kind of sort of all I have and I’m gonna do that security check on my laptop when I get home to see if there’s something on there I don’t know about

Just make sure the account names match 100% because this is something that needs to be confirmed to avoid a lot of needless actions going forward. There was a thread late last year where the user in the same situation was absolutely adamant for several days they only had one account created ever, yet it turned out they had 3 others including 1 that was being relentlessly targeted in bots sweeps due to having simple credentials and just email guard.

Originally posted by Thermal Lance:

Originally posted by caraline12315:

I appreciate you thermal Lance I’m gonna try and figure some stuff out. Maybe do a security check on myself and figure out what comes with it.

Hope you get it figured out. I had my own account hijacked once and it's not a fun experience. Good Luck.

If it helps OP feel better, I’ve had mine stolen twice
my misplaced trust in that “log into this site with Steam” required me to learn that lesson a few times

Just to be sure, you ARE getting a Steamguard code -- not a password reset?

Steamguard code means they know the password.
Password reset means they don't know the password.

Originally posted by caraline12315:

I couldn’t agree with most of this on some point however I have maxed out every single security measure. I possibly could on all of my platforms, including making sure not a single password is the same logically, speaking even remotely, not using words or catchphrases or anything of the sort everything is maximum of 50 characters and over 120 different characters or letters, different combinations and such this is why I’m trying to figure out why somebody in Asia is trying to get into my stuff again for the fourth time so far it’s like I’m not using a password at all at this point i’m using two factor authentication on everything. I’m using USB‘s that have the passwords on them and that is secure it. This is wild. I’m not even using my main computer. I’m using a laptop that is set to encrypt everything in and out of it. With 128bit maybe I’m doing something wrong now?

You might not necessarily be doing anything wrong. Scammers will try to work off of any information they have - including profile/user/display names the see in games. Unfortunately many people still use the same name and password across sites, so when scammers managed to get into the DB of one, they will use that information to try to get into other accounts that user had.

A lot of people will talk about or complain about privacy and what not, but once you go on the Internet, there is no such thing. It longer exists. Once in a while, you'll hear about a breech at a big company, like Sony or Target. Well I'll tell ya, I had an opportunity to see first hand the stuff that goes on in the web around the work at a tech job I worked at for a few years. People would have a meltdown at the breeches and attempted breeches that are occurring practically on a minute to minute basis.

Originally posted by Kargor:

Just to be sure, you ARE getting a Steamguard code -- not a password reset?

Steamguard code means they know the password.
Password reset means they don't know the password.

This is an important question...

If it's the case where they do know the password, the first step is to do the change of password in a Secure system. Not on your regular computer. Do it on your phone browser or an unrelated computer. Then see if the login attempts continue.

Perhaps NOT visiting those scummy trading sites is a good thing???

And perhaps NOT using your Steam Credentials on those sites is a god thjing as well?

It doesn’t matter how often you change your password. It doesn’t matter how often you think you’re smarter than every other user here who got scammed or ripped off.

You’re the one personally inviting them in, handing them the key to your house, patting them on the shoulder, and smiling politely. "Please, come on in and rob me!"


Technically, they’re not even stealing at this point.

It’s more of a well-packaged act of generosity.

From you.

To them.

With a smile.