Originalmente postado por Muppet among Puppets:

Originalmente postado por AndrewJago USMC:

This has been a waste of my time. Unsubscribing to this post.

We will never know if the email contains the actual account name.

Not true.

Originalmente postado por AndrewJago USMC:

Originalmente postado por Muppet among Puppets:

Is the name in the email your login name for your account?

No, the name in my email is very different from my account username.

We already had direct confirmation from OP that it wasn't an email from Valve, as the email couldn't identify them the way Valve does. They weren't happy with the answer that it was a fraud attempt, and wanted to instead believe that the email that didn't even address them properly was instead sent by Valve.

Originalmente postado por Teksura:

Originalmente postado por Muppet among Puppets:

We will never know if the email contains the actual account name.

Not true.

Originalmente postado por AndrewJago USMC:

No, the name in my email is very different from my account username.

We already had direct confirmation from OP that it wasn't an email from Valve, as the email couldn't identify them the way Valve does. They weren't happy with the answer that it was a fraud attempt, and wanted to instead believe that the email that didn't address them properly was instead sent by Valve.

When he replied again about a breach, i thought he meant his email address was different than the login name.

Because if the email was for another account, there would be no reason to continue the claim,
and the breach would have to be the email account, to verify the email at account creation, or the user made that account with a password leaked somewhere and tried out by someone using that list.

i changed my email and password and it's still happening.
how are people still trying to get into my account?

Originalmente postado por yo_boy_Rolo:

i changed my email and password and it's still happening.
how are people still trying to get into my account?

This thread is going on three years old. Maybe it would be best to start fresh and make a new thread about your problem, so maybe we could help you out.

Nope, don't do that at all. My original post of 3 years still hasn't been answered, because the majority of Steam users have their heads so far up their asses believing their precious website is invincible to hackers and scammers. The reality is this, someone is getting similar issues as I did, 3 years ago, and found this post by google searching. My email is only used for Steam, and is NOWHERE on the internet, other than Steam. You wanna help people? Get your head out of the sand and admit Steam has a scammer issue, and it stems from their unsecure platform, which is how scammers are acquiring people's emails and sending fraudulent log-in codes to try to access your account.

If you're reading this and having similar issues, DO NOT listen to the armchair experts, as they know about as much about cyber security as goldfish, and are giving improper advice and making delusional claims that Steam doesn't have an issue, that YOU yourself MUST be posting your email and password EVERYWHERE on the web, because clearly Steam is a bastion of un-hackable account info. /s

Originalmente postado por AndrewJago USMC:

Nope, don't do that at all. My original post of 3 years still hasn't been answered, because the majority of Steam users have their heads so far up their asses believing their precious website is invincible to hackers and scammers. The reality is this, someone is getting similar issues as I did, 3 years ago, and found this post by google searching. My email is only used for Steam, and is NOWHERE on the internet, other than Steam. You wanna help people? Get your head out of the sand and admit Steam has a scammer issue, and it stems from their unsecure platform, which is how scammers are acquiring people's emails and sending fraudulent log-in codes to try to access your account.

If you're reading this and having similar issues, DO NOT listen to the armchair experts, as they know about as much about cyber security as goldfish, and are giving improper advice and making delusional claims that Steam doesn't have an issue, that YOU yourself MUST be posting your email and password EVERYWHERE on the web, because clearly Steam is a bastion of un-hackable account info. /s

Groups of illicit actors use programs with proxies to bruteforce passwords in bulk. When they find a valid password and username combination the list is distributed. It has little to do with steam at all. https://en.wikipedia.org/wiki/Brute-force_attack is where you can read basic information about this kind of thing.

Steam guard e-mails are generated when a user has a successful entrance of username and password. It's best to just change your password, deauthorize devices as a just in case measure and disregard the email. No one is sending you codes but the login system. A scammer can't just "make" a code as the code is tied to "shared_secret" for mobile auth and for email auth it's generated by the login system. The people who triggered the guard message likely don't even know your email.

Interesting, everything you just typed was incorrect, as I previously stated. My PC generates random 26-character passwords for EVERYTHING I do involving log-ins, so therefore it is physically impossible that someone found a "valid" password, especially because mine is so well encrypted. Do the math, it literally takes about 3 QUADRILLION years to decrypt a randomized 26 char password.

Steam Guard e-mails are also sent when someone signs in from a new device (scammer's PC, obviously) or selects the "Forgot my password" or "Forgot my email/username" option, in which case an email is sent out, and if it's the email that's forgotten, a two-factor authentication is sent, usually to a mobile number or secondary email.

And so that your time isn't completely wasted, do yourself a favor and look up any recent "anti-scammer" YouTube video. There are many things these people can do, including changing information on any sort of website page, and even in emails as well. While your questionable wiki link contains some valid info, I'm telling you that Steam doesn't guard its' user's info as well as you're saying, which is yet another thing I've already said. Because they have your email, they send a malicious email that LOOKS like a guard email, except the code is authentic and the second you sign in through that email, the scammer has your username, password, and more importantly, access to your account.

I know what I'm talking about, as I've worked in Cyber Security for about a year and a half, and interned at CyberArk not even a month after I originally wrote this post. I have no interest arguing with morons, however, so I'll simply leave this here and unsubscribe from the discussion, as there is nothing of value being posted here, other than what I've written.

Originalmente postado por AndrewJago USMC:

I know what I'm talking about, as I've worked in Cyber Security for about a year and a half, and interned at CyberArk not even a month after I originally wrote this post. I have no interest arguing with morons, however, so I'll simply leave this here and unsubscribe from the discussion, as there is nothing of value being posted here, other than what I've written.

Until now i thought, if people could access steams servers and grab stuff, accounts like yours and mine with just a handfull games were not the target.
But i think, we are the first getting targeted now.......
if you are right.

Originalmente postado por AndrewJago USMC:

Interesting, everything you just typed was incorrect, as I previously stated. My PC generates random 26-character passwords for EVERYTHING I do involving log-ins, so therefore it is physically impossible that someone found a "valid" password, especially because mine is so well encrypted. Do the math, it literally takes about 3 QUADRILLION years to decrypt a randomized 26 char password.

Steam Guard e-mails are also sent when someone signs in from a new device (scammer's PC, obviously) or selects the "Forgot my password" or "Forgot my email/username" option, in which case an email is sent out, and if it's the email that's forgotten, a two-factor authentication is sent, usually to a mobile number or secondary email.

And so that your time isn't completely wasted, do yourself a favor and look up any recent "anti-scammer" YouTube video. There are many things these people can do, including changing information on any sort of website page, and even in emails as well. While your questionable wiki link contains some valid info, I'm telling you that Steam doesn't guard its' user's info as well as you're saying, which is yet another thing I've already said. Because they have your email, they send a malicious email that LOOKS like a guard email, except the code is authentic and the second you sign in through that email, the scammer has your username, password, and more importantly, access to your account.

I know what I'm talking about, as I've worked in Cyber Security for about a year and a half, and interned at CyberArk not even a month after I originally wrote this post. I have no interest arguing with morons, however, so I'll simply leave this here and unsubscribe from the discussion, as there is nothing of value being posted here, other than what I've written.

Didn't ask, get a life instead of giving yourself a pat on the back and being rude to people who give you right answers. If you studied/worked in that field you wouldn't have even had to make this post in 2018 Mr.KnowItAll.

Originalmente postado por AndrewJago USMC:

Interesting, everything you just typed was incorrect, as I previously stated. My PC generates random 26-character passwords for EVERYTHING I do involving log-ins, so therefore it is physically impossible that someone found a "valid" password, especially because mine is so well encrypted. Do the math, it literally takes about 3 QUADRILLION years to decrypt a randomized 26 char password.

Steam Guard e-mails are also sent when someone signs in from a new device (scammer's PC, obviously) or selects the "Forgot my password" or "Forgot my email/username" option, in which case an email is sent out, and if it's the email that's forgotten, a two-factor authentication is sent, usually to a mobile number or secondary email.

And so that your time isn't completely wasted, do yourself a favor and look up any recent "anti-scammer" YouTube video. There are many things these people can do, including changing information on any sort of website page, and even in emails as well. While your questionable wiki link contains some valid info, I'm telling you that Steam doesn't guard its' user's info as well as you're saying, which is yet another thing I've already said. Because they have your email, they send a malicious email that LOOKS like a guard email, except the code is authentic and the second you sign in through that email, the scammer has your username, password, and more importantly, access to your account.

I know what I'm talking about, as I've worked in Cyber Security for about a year and a half, and interned at CyberArk not even a month after I originally wrote this post. I have no interest arguing with morons, however, so I'll simply leave this here and unsubscribe from the discussion, as there is nothing of value being posted here, other than what I've written.

Ah yes, another cyber security expert who became compromised

Originalmente postado por AndrewJago USMC:

I know what I'm talking about, as I've worked in Cyber Security for about a year and a half, and interned at CyberArk not even a month after I originally wrote this post. I have no interest arguing with morons, however, so I'll simply leave this here and unsubscribe from the discussion, as there is nothing of value being posted here, other than what I've written.

Accounts are PHISHED not hacked by users giving away their account details AND more importantly the Steam Guard code to access the account. Now as a Cyber Security Expert you would know that and Gabe Newell's account remains safe after all these years.

Been here 16+ years, never lost access to my account.

Originalmente postado por Nx Machina:

Accounts are PHISHED not hacked by users giving away their account details AND more importantly the Steam Guard code to access the account. Now as a Cyber Security Expert you would know that and Gabe Newell's account remains safe after all these years.

This in spite of GabeN literally giving away his login credentials at a press conference.

... or my system staying safe & sound for years despite putting my gaming battlestation into my router's DMZ (meaning unfirewalled access from the internet). Basic security hygiene trumps cyber dangers any day of the week. Too bad hordes of idiots prefer to rely on what's basically superstition.

There's a fantastic read on that topipc, an oldie by IT standards, but stands just as true: https://arstechnica.com/information-technology/2015/07/what-amateurs-can-learn-from-security-pros-about-staying-safe-online/