Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
The author of this topic has marked a post as the answer to their question.
Discussions Rules and Guidelines
Report this post
Keep in mind that Valve does use industry standard security measures by not actually storing your password, but only a HASH that was additionally made harder to use by SALTing it.
https://en.wikipedia.org/wiki/Hash_function
https://en.wikipedia.org/wiki/Salt_(cryptography)
So, even if there was a leak, that data would be pretty much unusable to get your actual password. Not without eons of time.
Most likely you leaked your password somehow.
https://haveibeenpwned.com/
Check for yourself.
If it still happens after a password change, then you are still leaking the password.
I will. Thank you for your prompt.
I changed a computer to operate the steam web.
I wrote a random string generator as a password.
After a while, I got the email to login with the correct username and password again.
I don't think such passwords are still leaked.
The new malicious login ip is: 121.230.171.240
It could be that you have another account that you forgot about, and that it's that account that is being targeted.
1. Use a web browser, and go to https://store.steampowered.com/
2. Log out if you are logged in, and then go to the login page.
3. Click the "Forgot your password" link.
4. Then click the "I forgot my steam account name or password".
5. Now you can search for accounts connected to your email.
But only if that name is unique to your steam account, and not for example is also part of your email or profile.
Thank you for your wonderful idea,
After careful inspection, I found that the account in the email is different from the account I used. The account attacked by malicious login is an account I haven't used for many years. Two accounts are bound to the same mailbox.
That account is the target account I was attacked. After I logged in to the old account and changed my password, the whole world was finally quiet.
I have received correct login emails for more than 20 hours in a row. Changing my password has also been attacked by malicious login all the time. The attacker seems to be trying to violently collide with my verification code in the way of infinite trial.
Thank you very much for your help.