All Discussions > Steam Forums > Help and Tips > Topic Details
Thedutchjelle Mar 16, 2018 @ 6:08am
Login attempt from India ( stopped by 2FA) - how did they get pass?
Hello guys,

I'm a bit stumped here. I received an email this morning with a passcode for login - appearantly someone in India tried to log in on my account but was stumped by the 2FA. Thank god for that - however I'm unsure how in God's name he got my password (obviously I immediatly changed it). It was a randomized 20 character long password that was only used for Steam. I only ever use it to log in the steam login page.
Obviously I immediatly did a scan for keyloggers/viruses but nothing came up.

How in god's name did they get the pass? Could there be an issue with the steam webbrowser or something? Is there something I missed?
I run Windows 10, running Avast and Malwarebytes regularly to keep my machine pest free.
< >
Showing 1-12 of 12 comments
Visualvengeance Mar 16, 2018 @ 6:15am 
Are you using a password manager? If so, is an online one? This is very concerning and scary, I recommend you change your password for you email as well.
Don't use the steam webroser, it's really not that secure, and there's no way for you to add extensions which block ads and trackers as you can do with other browsers.
Last edited by Visualvengeance; Mar 16, 2018 @ 6:16am
#1
Thedutchjelle Mar 16, 2018 @ 6:24am 
I'm not using an online password manager, and thankfully I got fairly long passwords for most things to prevent them being hacked by brute force or just being guessed by a dictionarybot. My email is thankfully also secure without any log in attemps that wasn't mine, though I'll seriously consider updating the pass on that one as well (though my email also has 2FA ). Just to be sure, I'll wipe all stored passes on this computer and update all the critical ones.

I really do not understand how they got that password correctly as it was both long and random. I must have done something wrong, but I cannot understand what as my machine is clean.

Thanks for the warning on the browser, I'll stick to Firefox.
Last edited by Thedutchjelle; Mar 16, 2018 @ 6:25am
#2
Black Blade Mar 16, 2018 @ 6:24am 
Originally posted by Visualvengeance:
Are you using a password manager? If so, is an online one? This is very concerning and scary, I recommend you change your password for you email as well.
Don't use the steam webroser, it's really not that secure, and there's no way for you to add extensions which block ads and trackers as you can do with other browsers.
Well, for the most part, you don't need them as it only opens Steam sites for the most part

@OP that does sound pretty odd is it possible you log in somewhere else on an infected system or massively login a fake Stea site?
#3
Thedutchjelle Mar 16, 2018 @ 6:27am 
Originally posted by Black Blade:
Originally posted by Visualvengeance:
Are you using a password manager? If so, is an online one? This is very concerning and scary, I recommend you change your password for you email as well.
Don't use the steam webroser, it's really not that secure, and there's no way for you to add extensions which block ads and trackers as you can do with other browsers.
Well, for the most part, you don't need them as it only opens Steam sites for the most part

@OP that does sound pretty odd is it possible you log in somewhere else on an infected system or massively login a fake Stea site?

I don't know, though I will check some other machines running Steam in this household as soon as I got the oppertunity. It's a good call, and I'll explore this possibility as the most likely for now.
I barely if ever log on Steam through an internet browser as it's just as easy for me to boot the client, so I don't think I fell for a fake steam site.
#4
Visualvengeance Mar 16, 2018 @ 6:30am 
Seems like you know what you're doing and avoid common mistakes, which makes this all the more concerning :steamsad:
#5
Black Blade Mar 16, 2018 @ 6:31am 
Originally posted by Thedutchjelle:
I don't know, though I will check some other machines running Steam in this household as soon as I got the oppertunity. It's a good call, and I'll explore this possibility as the most likely for now.
I barely if ever log on Steam through an internet browser as it's just as easy for me to boot the client, so I don't think I fell for a fake steam site.
Good they did not get in any way

And overall I don't think the client has so much of a problem, beyond malware getting on it (that was clear with Malwarebytes) I yet to hear someone having any "hacking" happening on it

Any way as you say it was a random password, it means most likely they got it somehow, sadly I really don't have much of an idea how there where able to do it, if your PCs are secure and it does sound like you know to watch from fake sites
#6
Thedutchjelle Mar 16, 2018 @ 6:40am 
Originally posted by Black Blade:
Originally posted by Thedutchjelle:
I don't know, though I will check some other machines running Steam in this household as soon as I got the oppertunity. It's a good call, and I'll explore this possibility as the most likely for now.
I barely if ever log on Steam through an internet browser as it's just as easy for me to boot the client, so I don't think I fell for a fake steam site.
Good they did not get in any way

And overall I don't think the client has so much of a problem, beyond malware getting on it (that was clear with Malwarebytes) I yet to hear someone having any "hacking" happening on it

Any way as you say it was a random password, it means most likely they got it somehow, sadly I really don't have much of an idea how there where able to do it, if your PCs are secure and it does sound like you know to watch from fake sites

Yeah so it has me worried a bit to, as I'm generally tech savvy enough and I doubt I just uncovered a giant Steam leak - I trust Valve and Steam enough to know what they're doing. So I must've ♥♥♥♥♥♥ up somewhere but I just cannot think of any place or reason. I'll look into the other PCs in this household and for now I'll simply replace all neccesary passwords. Thanks for the input though.
#7
Muppet among Puppets Mar 16, 2018 @ 7:04am 
Do you use steam app to generate your codes?
Then emails with codes are sure fakes.

Check the login name in the email. If hello "" is even the name for your account.
#8
Frank ツ Mar 16, 2018 @ 7:17am 
Did you deauthorisize all devices from steam guard/2fa?
#9
Thedutchjelle Mar 16, 2018 @ 7:25am 
Originally posted by Muppet among Puppets:
Do you use steam app to generate your codes?
Then emails with codes are sure fakes.

Check the login name in the email. If hello "" is even the name for your account.

The email was from the noreply steam e-mail and was as such
"hello [username], here is the Steam Guard code you need to login to account [username]:
This email was generated because of a login attempt from a web or mobile device located at [ip adress] (IN). The login attempt included your correct account name and password.

The Steam Guard code is required to complete the login. No one can access your account without also accessing this email.

If you are not attempting to login then please change your Steam password, and consider changing your email password as well to ensure your account security.

If you are unable to access your account then use this account specific recovery link for assistance recovering or self-locking your account."

I don't use the app.

Originally posted by Frank ツ:
Did you deauthorisize all devices from steam guard/2fa?

Good idea. Done.

Also managed to check other computers in the meantime, and Malwarebytes found 12 issues on my brothers computer which we promptly deleted. I've recommended he updates his passwords as well (though I obviously dont know if those issues are related to this, but better safe than sorry).
Last edited by Thedutchjelle; Mar 16, 2018 @ 7:25am
#10
Muppet among Puppets Mar 16, 2018 @ 12:21pm 
Originally posted by Thedutchjelle:
"hello [username], here is the Steam Guard code you need to login to account [username]:
Just to make sure, it was the login name?
#11
ᴠᴀʀ Mar 16, 2018 @ 12:29pm 
You didn't click on any links from people in your friendslist that redirected you to a steam site? (probably a fake one)

Think who you talked to prior that login.
#12
< >
Showing 1-12 of 12 comments
Per page: 1530 50

All Discussions > Steam Forums > Help and Tips > Topic Details
Date Posted: Mar 16, 2018 @ 6:08am
Posts: 12
Start a New Discussion

Discussions Rules and Guidelines