Originally posted by Termix:

Hello steamcommunity,

I've had this account for more than 14 years and never had any issues.

Yesterday I received an official mail from steam that someone logged into my account with the correct password, the IP address was based in Turkey (I live in Germany), but since the guy couldn't access my e-mail I think there was no harm done.

But I'm confused, how can this happen? I've ran Windows Defender, Spybot and MalwareBytes Premium - nothing found.
I also never accessed my account from any other PC and/or mobile device.

Any ideas?

Password reuse would be a rather likely. Of that's the case, chane your PW to someone unique and be done with it.

I have had that password for 15 years, never used it on any other site (all my passwords are unique), changed it immediately after I received the email.

I never enter my login information in my webbrowser, unless I really need to, last time was like 1 year ago when I bought a new pc.


My old e-mail that's also my accountname (it's also on haveibeenpwned) used a password that was a bit related to my steam password (5 out of 10 letters were identical), but that's not enough to consider it as a possibility or am i wrong?

Make sure the account name in the email is really yours.

Make sure the email was real.

Cross check here... https://help.steampowered.com/en/accountdata/SteamLoginHistory

Yes, it is my account name, the email read as followed:
"This email was generated because of a login attempt from a computer located at xx.xxx.xx.xxx (TR). The login attempt included your correct account name and password.

The Steam Guard code is required to complete the login. No one can access your account without also accessing this email."

xxxxx is the ip (not mine).

It was an login attempt, so it doesn't show in the history.

As I said he had the right password (according to the email), but probably couldn't access my e-mail (linked to an ancient cellphone).

And the e-mail redirects me to the official steam site (for the IP/location comparison), the sender is noreply@steampowered, as usual.

Originally posted by cSg|mc-Hotsauce:

Make sure the account name in the email is really yours.

Make sure the email was real.

Cross check here... https://help.steampowered.com/en/accountdata/SteamLoginHistory

Any other ideas how someone could have obtained my password?
I must admit, it was rather simplistic (15 years ago I wasn't as aware), all small letters (no meaning or a word though), would anyone try to bruteforce an account/is that even possible?

Brute forcing would not be possible with the lock out cooldowns Valve has in place.

99% of the time, it is because a user gave away his account credentials to a fake Steam login screen.

Originally posted by Termix:

Hello steamcommunity,

I've had this account for more than 14 years and never had any issues.

Yesterday I received an official mail from steam that someone logged into my account with the correct password, the IP address was based in Turkey (I live in Germany), but since the guy couldn't access my e-mail I think there was no harm done.

Any ideas?

Easiest question: do you use the same username/password combination on other accounts?

When login databases get stolen, people throw the name/password combinations at all sorts of sites.

Originally posted by cSg|mc-Hotsauce:

Brute forcing would not be possible with the lock out cooldowns Valve has in place.

99% of the time, it is because a user gave away his account credentials to a fake Steam login screen.

Yeah, I certainly did not do this and that's what worries me quite a bit.

Originally posted by Kargor:

Easiest question: do you use the same username/password combination on other accounts?

When login databases get stolen, people throw the name/password combinations at all sorts of sites.

I never used the same password for two sites, that's why I'm actually worried.

I ran Malwarebytes Premium, Windows Defender, Spybot and Avira now... still not a single result.

If I have a keylogger on my PC (that doesn't get recognized by all programs) - would it be able to grab my steam password from the "login memory" on my pc (I haven't entered the password manually for more than a year)?

The only thing that came to my mind is mods.
Can .cab files contain malware? I actually downloaded a few Witcher 3 Mods, could this be the reason for the hijack attempt? I checked the files after the download, but it's really the only thing that I've changed in months.

The same event happened with me I was very surprised
the story is i got 2 email in one of my emails in Dec 24, 2017
login attempt from a web or mobile device located at xxx.xx.xxx.xx (IN).
But the big surprise is, not this account
this login was to a steam account that i lost in 2008-2009 i think
i lost everything about it, how this one do that !
i'm the owner and don't know Password, Email,i forgot the id login too

i just THANKFUL to this guy from india for find my account information that i can't remember them from years XD

Originally posted by Termix:

My old e-mail that's also my accountname

So the email it was sent to would be the same name as your account?

In these cases the "hello" would be the right name in a fake email as well.
Maybe thats how they phish for old accounts.

If you use steam guard auth app, you would not receive emails with codes. That is the easiest sign of fake email in your case.

Do you use auth app?

Originally posted by Muppet among Puppets:

Originally posted by Termix:

My old e-mail that's also my accountname

So the email it was sent to would be the same name as your account?

In these cases the "hello" would be the right name in a fake email as well.
Maybe thats how they phish for old accounts.

If you use steam guard auth app, you would not receive emails with codes. That is the easiest sign of fake email in your case.

Do you use auth app?

No, I do not use the auth app, but my email is protected with a phone, so Steamguard via e-mail is enough for me.

I have changed the associated e-mail address a few years back, when I heard that my old e-mail provider had a security breach.
My account name is my old e-mail address (it has nothing to do with my username) and this very address showed up in the e-mail, so I'm nearly 100% sure that the e-mail is not a fake.

If there is no way that someone sending an email could get the account name right,
and there is no relation between the new email and ANY account associated which has the name of the old email,
the combination of new email and old email got known,
or details leaked (steam details etc)

Maybe its best to make sure you are safe and not sorry.

Originally posted by Muppet among Puppets:

If there is no way that someone sending an email could get the account name right,
and there is no relation between the new email and ANY account associated which has the name of the old email,
the combination of new email and old email got known.

Maybe its best to make sure you are safe and not sorry.

Okay for clarification:
I received an e-mail from Steam, which told me that someone logged in with my accountname and the correct password, there was also a link that showed the login ip address.

But the login wasn't "completed", because whoever tried to login couldn't get the Steamguard code from my e-mail.

This doesn't mean that the "hijacker" knows my new e-mail address, just my accountname (which is my old e-mail - i still even have access to that e-mail) and password.

I just have no idea how he could've obtained my password, i ran so many scan tools and not a single suspicious file...