Is the name in the email your login name?

The accounts where the name matches, the password does not.
the accounts where the name is different (ish) some of the passwords match.
none have both a matching user name and matching password.

my point is my steam account, and password, had not been used in over a year.
but just got hacked now?

going to say steam is leaking.
ship is sinking.

let me be clear, Nobody has actually logged into any of my accounts,

Steam claims someone tried with correct credentials.
just trying to get an account activated? trying to get me to log mack in? trying to manipulate?

I can't see any way anyone attained my password in the last 18 months.

It means you reused your username/password on any number of hundreds of sites that have previously been hacked and attackers are just going through th elists to see who is 'smart' enough to use the same username/password on steam

Steam is not leaking

You just have incredibly bad password security

Your ignorance is showing.
Nice of you to assume my password security.
the only thing lacking in my password security is that I had not changed my steam in over a year, as a result of not using it.

They got no sensitive data, no ability to change anything, no access to any other accounts, no e-mail, quite literally nothing but my steam account.

Any account with the same name uses a different password.
any account with the same pass, is a different name.

I don't think you get the concept.

Looks like you spend your time trolling
"That just means your system is in terrible shape if you cant get even basic games running. "

Not going to waste any more breath on you.

Your account your responsibility.

Ive never been hacked and o boy im sure those hacky boys wants my skins.

If you use the 2fa security its “impossible” to get hacked.

But seeing your attitude you know it better

You asked how they got your credentials

Then you magically think steam was 'hacked'

The easier explanation is that you have bad bad password hygiene.

Steam has not been 'hacked'

Therefore the problem is a PBKAC one

People who claim they have 'awesome' security are literally the people who have the worst security

Therefore look at where the problem lies, rather than blaming everything and everyone else

The two stage security, made sure they did not get anything in the first place.
but my question still stands, how did they get any of the credentials right at all.

Going to explain it one more time, in a simple short fashion.
They did not bring my user name and password from Facebook or my e-mail or any other account I have.

They according to steam, provided correct user name and password.

So this means there are only two places they got the information from.
ME or STEAM.

and since I have not used the account in a YEAR.

this means, either the account information was stored on my computer, and they accessed it.
OR
Steam leaked.

Yes yes I know all about the people who cry that their facebook got hacked 4 times last year.
yes yes, I have made claim that you don;t get hacked unless you make a mistake. Public networks, Strange computers, keyloggers,

Again, I love the assumptions here that I did not do these things.

"If you use the 2fa security its “impossible” to get hacked."
Yes, I f'n know this, I did not get hacked in a sense that they got NOTHING non of my accounts can be touched.

My question is where the bloody hell did they get credentials, for an account I have not used in a year.

I feel like I am trying to explain it to my dog.
They did not get ANYTHING from my steam account.
and the password they have for my steam account they could not use because of the two stage.
and the password they have for steam is useless on all other accounts.

I am asking WHY DO THEY HAVE THE PASSWORD.

The multiple accounts, with the same or similar user name, have shown 0 attempts, successful or unsuccessful log in attempts in the past 2 years.

NOBODY has tried to use the password from steam, on ANY of my other accounts.

Escrito originalmente por northern_blades:

The two stage security, made sure they did not get anything in the first place.
but my question still stands, how did they get any of the credentials right at all.

Again bad password hygine

I am asking WHY DO THEY HAVE THE PASSWORD.

Again bad password hygine

Escrito originalmente por northern_blades:

The two stage security, made sure they did not get anything in the first place.
but my question still stands, how did they get any of the credentials right at all.

Going to explain it one more time, in a simple short fashion.
They did not bring my user name and password from Facebook or my e-mail or any other account I have.

They according to steam, provided correct user name and password.

So this means there are only two places they got the information from.
ME or STEAM.

and since I have not used the account in a YEAR.

this means, either the account information was stored on my computer, and they accessed it.
OR
Steam leaked.

Yes yes I know all about the people who cry that their facebook got hacked 4 times last year.
yes yes, I have made claim that you don;t get hacked unless you make a mistake. Public networks, Strange computers, keyloggers,

Again, I love the assumptions here that I did not do these things.

"If you use the 2fa security its “impossible” to get hacked."
Yes, I f'n know this, I did not get hacked in a sense that they got NOTHING non of my accounts can be touched.

My question is where the bloody hell did they get credentials, for an account I have not used in a year.

I feel like I am trying to explain it to my dog.
They did not get ANYTHING from my steam account.
and the password they have for my steam account they could not use because of the two stage.
and the password they have for steam is useless on all other accounts.

I am asking WHY DO THEY HAVE THE PASSWORD.

The multiple accounts, with the same or similar user name, have shown 0 attempts, successful or unsuccessful log in attempts in the past 2 years.

NOBODY has tried to use the password from steam, on ANY of my other accounts.

The issue is on your end, steam isn't hacked and they don't store the password in a readable format. The password is stored in an encrypted format. If somehow steam had a leak and passwords were accessed you'd see MILLION'S of accounts compromised and it would be chaos.

So process of elimination leaves it on your end. You could have done something years ago, entered your steam data on random sites or gotten your data stolen and that site just recently got compromised or decided to take advantage

Your user names could be similar enough that people compared them and were able to figure out a pattern and had a series of passwords to try from multiple leaks.

They could have linked multiple usernames based on email or IP from previous leaks and tried passwords, etc.

so not using a password for over a year, and never entering it on the keyboard, and not using it on any network, private or public, or at all. Is bad Hygiene?

I was plenty covered, and they still can't do anything with it. but the question still stands.

trying to explain it in simple terms.
I did not get phished, 18 months ago, And just this week, they tried to access my account, and were foiled by 2 stage.

They have made 0 attempts to log in any any other account by the same name.
This was not a brute force, This was not trying the same password on every similar account.

This was a single successful log in attempt on a single account, on a singe server, on a single occasion.

Now, If I could see an attempt to use this password on my facebook, or e-mail accounts, (they would fail) but I would see the attempt

If they tried to use the same password on by blizzard account. again, they would fail, and I would be notified.

Escrito originalmente por northern_blades:

trying to explain it in simple terms.
I did not get phished, 18 months ago, And just this week, they tried to access my account, and were foiled by 2 stage.

They have made 0 attempts to log in any any other account by the same name.
This was not a brute force, This was not trying the same password on every similar account.

This was a single successful log in attempt on a single account, on a singe server, on a single occasion.

Now, If I could see an attempt to use this password on my facebook, or e-mail accounts, (they would fail) but I would see the attempt

If they tried to use the same password on by blizzard account. again, they would fail, and I would be notified.

So your options are either Steam got hacked, someone stole their encryption key they use to encrypt all accounts but they have ONLY tried to access your account out of a billion accounts

OR

You were exposed somwhere else that you just can't think of.

Gee I wonder which explanation is more probable. I mean its clear you made up your mind and think someone broke into steam and stole your info and only your info apparently, so not sure what you want us to say.

I mean its far more likely someone put a keylogger on your computer and stole it then it is that steam was hacked and the password was decrypted but they only got yours.

If I had entered that steam password at all even once in the last year, it might make sense.
I could understand keyloggers, I can understand open networks,

It would be like getting an e-mail today, telling me someone had my password for my tripod or geocities account.

Escrito originalmente por northern_blades:

If I had entered that steam password at all even once in the last year, it might make sense.
I could understand keyloggers, I can understand open networks,

It would be like getting an e-mail today, telling me someone had my password for my tripod or geocities account.

Old sites do get hacked, just because you didnt use it for years didnt mean it wasnt stored on another site that was recently hacked. Or that some hacker bought an old list of passwords and is going thru them

Just because you didn't use Steam in a year doesn't mean that BEFORE THAT POINT you installed your credentials into a shady site.

As brian says, this is likely old sites sharing your information and YOU are the one who gave it out.

Steam was not hacked.

Your account was not hacked. This is 100% not a hacking issue.