You need to check for viruses with multiple tools cause not all virus definitions databases are equal. You need to check your security information on emails with a fine tooth comb. It's possible they have a password from another compromised site. So it wouldnt hurt to update your password.

Sounds like Steam Guard is doing its job, as they can only attempt to log into your account.

Even if you gave them the password and login name to your account, they can't log into it, without a Steam Guard code and the device to first be authorized.

That said, something still needs to be done to ensure all is well.

In the end, if all else fails, you have to consider a total and complete reformat of the hard drive(s) in the computer, and reinstall the OS afterwards.

But first, I would take other less drastic measures as you wish, and as the good Rez suggested above.

Thank you for reply.

Note: the issue is with not my device.
No trojan
I have reformatted and reinstall before.

Not my device.

Not my device.

I have tried updating password before. It seems they are using brute force to hack my account.

There is no compromise of account info on my part. Ever. No phishing no virus no keyloggers no Trojans.

Publicado originalmente por cliffordeg:

I have tried updating password before. It seems they are using brute force to hack my account.

Steam accounts are not hacked. If they are trying to log in, that is not a hack. They have not "hacked" anything.

EDIT.............

Maybe your email is compromised ?

Yes, I see you said it is not, but how do you really know ?

Use this :

https://haveibeenpwned.com/

EDIT............

The other thread is still open, by the way :

https://steamcommunity.com/discussions/forum/1/1747892655523925978/?ctp=2#c1747894017703690277

I have not turned on the device, or used that associated email for a long time.

You said that steam accounts are not hacked. How do you know?

Publicado originalmente por cliffordeg:

You said that steam accounts are not hacked. How do you know?

So you are suggesting that Valve's database has been breached, and when the attackers could have their hands on literally millions worth of banking information as in credit cards or other payment methods, email addresses, and phone numbers, no the attackers are only interested in showing their hand and using that breach success to get at your account only.

What makes your account so special, considering all this ? Think about it.

EDIT.......................

I don't think you quite understand how Brute Forcing works, along with Steam Guard.

As I said, even if you gave them your password and login name, they can't get into your account, without that Steam Guard code.

Gabe N himself gave out his password and account login name openly, and dared anyone to log into his own personal account. Because of Steam Guard, no one was able to do it. Their computers had not been authorized to use his account, by first having that Steam Guard code.

Now if the email address is ALSO compromised, where they can get that code, that is a different story.

Or, for example, someone openly gives out the Mobile Authenticator codes that allows someone else access to the account.

If the device looks new to Steam Guard, they can't log into your account.

That is how disabling all other devices works, as was explained in your other thread.

That's why making another thread on the same issue is not really a great idea.

Now, people can't see what has already been gone over completely, in your other thread and covered, so it will just have to be stated all over again here now.

https://steamcommunity.com/discussions/forum/1/1747892655523925978/

Publicado originalmente por cliffordeg:

I have not turned on the device, or used that associated email for a long time.

You said that steam accounts are not hacked. How do you know?

You’ve put a lot of reassuring claims out there suggesting that the problem isn’t on your end, despite it concerning your account. And not to sound pestering in questioning what you have written several times but *we* can’t actually confirm that you are right about that.
It might very well be that you have checked every corner of your security for breaches, but to what extent you have actually gone to test it is also important.
The situation sounds like it concerns your password especially, in that they probably know your account name by now, but you need to verify that changing your password actually has an effect, in that they are no longer able to send a request for you to receive a message about them wanting to login, unless the person can still get to your new password somehow. In which case figuring out how they do that is key.

I also see some questions in your other thread that you were reminded needed answering. You did not answer them.
Sorry, as that was not correct. But below you missed what I suggested to use here.

I also don't see that you used this tool and reported what, if anything, showed up :

Publicado originalmente por The Giving One:

Use this :

https://haveibeenpwned.com/

People can only try to help you so far, as you are willing to be helped, really. If you missed the questions and suggestions, that's fine. But I see posts where you just dismiss what people are suggesting to try, and just say instead to them "that is not happening" or "that does not apply to me or my case".

EDIT..........

This can also happen in totally innocent ways sometimes. Explained by the good Satoru in the other thread :

https://steamcommunity.com/discussions/forum/1/1747892655523925978/?ctp=2#c1747893552161414178

How do you see the attempts? As an email?
Is the name in the email text your login name at all?

The login attempts are notified on my mobile phone.

As an IT personnel myself, I understand that we usually attribute issues like this to user errors. However, I have spent months thinking of how to resolve , poring through all these suggestions and other websites.

Note :

The email and laptop have not been used for much purposes, except for playing torchlight in the past and testing my websites in the past.

The email have been used to create a Facebook page, and a YouTube account , besides this. There has been zero breach on these 2 accounts, since years ago till now, hence I can see its not an email breach.

The software installed on the laptop is minimal, as it was hardly used as I mentioned.

The laptop has only been used to check my websites for backward compatibility. And hardly even turned on for over a year, only once when I received the notification to check and did all the steps. I have the original disks for all my software so it was easy to just reinstall them over the weekend.

I simply do not see how anyone can steal the passwords as the browser only goes to my own created webpages and blogs, besides my YouTube channel as well. The email is not used otherwise as well.

My very first thought was the breach is on my end too. But I ruled it out by going through all the possible means.

Of course I am assuming there is even a breach at all. Since they were requesting for my steam guard code, all they have could just be my steam ID.

I could probably ignore these notifications, though it makes me extremely uneasy to put in payment details.

Important is to know, that a login request requires account name and password.

Lets assume steam was hacked, and someone able to gain your new passwords from steam directly (while steam likely does not store your password but the hash + salt),
this person would burn his ability and access by trying for months to get in your account, knowing he is missing the code.

That does not make sense.