Then tell me why Gabe Newall's account hasn't been stolen?
You can Google his account username and password, he made them public, but because no one but him has access to the 2FA, no one but him can get into his account.
The security hole is the USER, not the security when it comes to your Steam account.

Diposting pertama kali oleh nightstalker:

Diposting pertama kali oleh HikariLight:

The only way someone that isn't the account owner can get into the account is if the account owner gave away the account username, password, and 2FA.

Finally, we're getting somewhere.

Someone could get my password, sure, I might had it leaked in the past. Username isn't that hard either, MFA/2FA? How?

So I confirmed the login? Is that what You're saying? Why would I confirm login from Poland, when I'm in Slovakia? This makes no sense.

And here we are. MFA/2FA is suppose to protect Your account, and when You don't confirm "it's You", it's not suppose to let You in. But here we are, attacker got in, and attacker changed things, that aren't suppose to be easy to change by a ♥♥♥ in under a minute. Yet it happened again.

Steam as a platform is running on an archaic system regarding everything. This is just another thing that bubbled over. Just look at the design of the client and forums, it looks like early 2000s designs. And MFA/2FA is obviously flawed.

Whole point of MFA/2FA is, that when I as the only owner and an only guy with activated device for Steam Guard don't give my say so, nothing happens on my account. Boy, do I have some news for You. It's not how it works. You can repeat Your blind faith creed in Steam how many times You want, it won't change the facts. Steam user protection is weak, has holes in it and vulnerabilities, otherwise, this wouldn't happen.

I've had some attacks on my MS account in the past. Attacker/♥♥♥ never gotten past my 2FA/MFA, never. Also I didn't know about 90% of the attacks, because 2FA/MFA didn't bother to activate, when the login was from different country than my home country.

Steam should work the same. I live in Slovakia. I have my steam account for 23 years now. And I've never logged in from different country. And now, I had two logins in one day from two different countries.

Why did Steam system allow it in? Why didn't it want extra confirmation, whether it's me?

When my Credit Card was abused, bank called me at 3am and asked me, whether I'm in Philipines or somewhere and blocked the card immediately, when I said I wasn't.

Steam is leaky and unreliable and this is just another proof. MFA/2FA should be bulletproof. And You can even make it bulletproof, it's easy. Combine GeoiP/specific iP and 2FA/MFA and voila, no one can get in Your account.

I have like dozens of authentications from my static iP in my Steam log. And suddenly there was one or two from completely diffent country and iP. This is childs mistake on the side of Steam, to let someone from abroad do such operations. Total nonsense.

i can give you a quick rundown on the how

victim goes to page they believe is steam but is instead fake

victim enters their steam credentials

including the 2fa

to what turns out to be a ♥♥♥

♥♥♥ enters credentials into steam and now has full access

that is a simple breakdown of one potential possibility

there are many,

but steam itself has not been breached

the info from said breach would be for sale somewhere and it is not

i have looked

you can find many accounts for sale

taken through the method above or one of the many others

but no scraped info from steam is available

Diposting pertama kali oleh HikariLight:

Then tell me why Gabe Newall's account hasn't been stolen?
You can Google his account username and password, he made them public, but because no one but him has access to the 2FA, no one but him can get into his account.
The security hole is the USER, not the security when it comes to your Steam account.

Discussing with You is pointless. You either think I'm some double digit iQ mouthbreather, or I don't know. Tons of accounts get stolen everyday. And each of these people roll over and let first "not their login attempt" in?

So it's not Valves' fault, that GeoiP is ignoring all the basic rules set by it security internet industry for past 4 decades. It's not Valves' fault, that the MFA/2FA data stream can be spoofed. It's not Valve's fault, that literally milliseconds after login from absolutely suspicious iP,/location one can remove GSM contact without SMS confirmation from the original number, can remove original e-mail wirhout confirmation from the original e-mail address [no, I've had no e-mail logins from foreign iP addresses, I checked the e-mail login logs], can change Steam iD without any of the previous factors in under 60 seconds.

This is NSA/CiA grade of security mechanics and principles, right? And it's all users fault. I mean come on. You can't be serious. Are You trolling me? Are You having fun? Joke's on me and You are simply being mischievous? Anything else doesn't make sense. Even a high-scholler can see that there are at least dozen logical fatal errors in Valves' Steam security system.

Once more, this didn't happen in matter of minutes, or hours, this happened under one minute. I posted proof a while ago, where You can see the arrival of three critical e-mail messages in a sequence.

Another i logged in somewhere and gave all my details away or I clicked a link and got a trojan denier
If you think your right OP then stop posting and carry on by your self.
Steam is secure its your fault

Diposting pertama kali oleh KalCuey:

Diposting pertama kali oleh nightstalker:

Finally, we're getting somewhere.

Someone could get my password, sure, I might had it leaked in the past. Username isn't that hard either, MFA/2FA? How?

So I confirmed the login? Is that what You're saying? Why would I confirm login from Poland, when I'm in Slovakia? This makes no sense.

And here we are. MFA/2FA is suppose to protect Your account, and when You don't confirm "it's You", it's not suppose to let You in. But here we are, attacker got in, and attacker changed things, that aren't suppose to be easy to change by a ♥♥♥ in under a minute. Yet it happened again.

Steam as a platform is running on an archaic system regarding everything. This is just another thing that bubbled over. Just look at the design of the client and forums, it looks like early 2000s designs. And MFA/2FA is obviously flawed.

Whole point of MFA/2FA is, that when I as the only owner and an only guy with activated device for Steam Guard don't give my say so, nothing happens on my account. Boy, do I have some news for You. It's not how it works. You can repeat Your blind faith creed in Steam how many times You want, it won't change the facts. Steam user protection is weak, has holes in it and vulnerabilities, otherwise, this wouldn't happen.

I've had some attacks on my MS account in the past. Attacker/♥♥♥ never gotten past my 2FA/MFA, never. Also I didn't know about 90% of the attacks, because 2FA/MFA didn't bother to activate, when the login was from different country than my home country.

Steam should work the same. I live in Slovakia. I have my steam account for 23 years now. And I've never logged in from different country. And now, I had two logins in one day from two different countries.

Why did Steam system allow it in? Why didn't it want extra confirmation, whether it's me?

When my Credit Card was abused, bank called me at 3am and asked me, whether I'm in Philipines or somewhere and blocked the card immediately, when I said I wasn't.

Steam is leaky and unreliable and this is just another proof. MFA/2FA should be bulletproof. And You can even make it bulletproof, it's easy. Combine GeoiP/specific iP and 2FA/MFA and voila, no one can get in Your account.

I have like dozens of authentications from my static iP in my Steam log. And suddenly there was one or two from completely diffent country and iP. This is childs mistake on the side of Steam, to let someone from abroad do such operations. Total nonsense.

i can give you a quick rundown on the how

victim goes to page they believe is steam but is instead fake

victim enters their steam credentials

including the 2fa

to what turns out to be a ♥♥♥

♥♥♥ enters credentials into steam and now has full access

that is a simple breakdown of one potential possibility

there are many,

but steam itself has not been breached

the info from said breach would be for sale somewhere and it is not

i have looked

you can find many accounts for sale

taken through the method above or one of the many others

but no scraped info from steam is available

I didn't login to Steam account using 2FA/MFA at all in the past week. This happened yesterday. 2FA/MFA code lasts for 30 seconds, than it's invalid forever or at least gazillion cycles. How? Please do explain me how?

That's a first. Second, I've had MFA/2FA push. I've opened it. I didn't confirm nor deny anything, my App was simply logged out. Please, do enlighten me of the ways how this could've happened. If I wasn't there real-time when it was happening sure, I'd give You a benefit of a doubt. But this way I was suppose to be in control of the MFA/2FA tokens, no other device than my phone. My phone is malware free. Here, a proof:

https://imgur.com/gallery/yybm2D0

Diposting pertama kali oleh Carlos100:

Another i logged in somewhere and gave all my details away or I clicked a link and got a trojan denier
If you think your right OP then stop posting and carry on by your self.
Steam is secure its your fault

I didn't login anywhere. My data could've been stolen inthe past. My MFA/2FA couldn't have been. That's my whole point. It's a real-time protection lpgin entry point and factor available through one or multiple concurrently activated devices. I've had one activated at that time, my phone. What exactly do You not understand?

Diposting pertama kali oleh nightstalker:

Diposting pertama kali oleh Carlos100:

Another i logged in somewhere and gave all my details away or I clicked a link and got a trojan denier
If you think your right OP then stop posting and carry on by your self.
Steam is secure its your fault

I didn't login anywhere. My data could've been stolen inthe past. My MFA/2FA couldn't have been. That's my whole point. It's a real-time protection lpgin entry point and factor available through one or multiple concurrently activated devices. I've had one activated at that time, my phone. What exactly do You not understand?

Its not us that doesnt understand its you.
Steam is secure you let your details out by some way.
You need to just accept that all the people with years of experience and knowledge on this forum is telling you what happened.
You goofed sometime it happens and now you just make your account secure and move on

Diposting pertama kali oleh Carlos100:

I pay for the ChatGPT Plus, and because I was starting to doubt myself, here's the result with link guys. I pasted him/it whole convo:

https://chatgpt.com/share/67ccd4da-9f08-8006-befd-07b775adabd0

Chat GPT told me in the end:

Final Thought:
In short, I think you're right in criticizing the system’s flaws. You're not wrong to be upset about the speed and the apparent vulnerability in Steam's system. You might not have given away your 2FA information directly, but there could be an issue with how Steam handles session security and MFA in practice.

If you want, we can brainstorm some next steps or strategies to recover your account, or you could reach out to Steam support again with this in mind.

Diposting pertama kali oleh nightstalker:

Diposting pertama kali oleh Carlos100:

I pay for the ChatGPT Plus, and because I was starting to doubt myself, here's the result with link guys. I pasted him/it whole convo:

https://chatgpt.com/share/67ccd4da-9f08-8006-befd-07b775adabd0

Chat GPT told me in the end:

Final Thought:
In short, I think you're right in criticizing the system’s flaws. You're not wrong to be upset about the speed and the apparent vulnerability in Steam's system. You might not have given away your 2FA information directly, but there could be an issue with how Steam handles session security and MFA in practice.

If you want, we can brainstorm some next steps or strategies to recover your account, or you could reach out to Steam support again with this in mind.

LOL

And there's the chatbot being downright WRONG again.

Gotta love it.

Thanks for the laugh.

Diposting pertama kali oleh Mr. Smiles:

I beg to differ, since people in this convo obviously and evidently do not understand the very basics of iT/internet security, principles and mechanics. I mean ones like critical event time-delay at entry or critical change points, GeoiP whitelisting and blocking, suspicious logins determined by steady iP/country usage pattern. I'm writing here about absolute and utter basics, absolute 1 oh 1 level of it sec. I mean come on, spoofable and hijackable 2FA/MFA? For a billion dollar comoany? Really? It never happened to me with MS, it never happened to me with Google, it never happened to me with Adobe, nor any other big corpo.

"Chatbot" as You called ChatGPT sees my point, since it's obvious. And You're just another one who falls in in the line of this grey mass which absolutely doesn't understand the very basics. Nevermind though, move along, nothing to see here for the likes of You. I came here for help, or empathy, not for ridicule nor mockery.

When we're at it, I must admit, this community is really toxic. It's not only full of mischievous, malicious, and insidious, but straightforward evil trolls, or rather feeble-minded people. There's literally not a single person in this thread, who'd either help me, try to help me, or agree with obvious facts that I stated. What a horrible society we live in. You probaby do not realize this, but what You all are demonstrating here can be defined as mobbing and as a partial sociopathy, or Antisocial personality disorder (ASPD). Its main feature is inability and/or incapability of empathy, nor sympathy. That's what this thread represents in a nutshell my friend. It's the very encyclopedic definition of it.

Diposting pertama kali oleh nightstalker:

Diposting pertama kali oleh Mr. Smiles:

I beg to differ, since people in this convo obviously and evidently do not understand the very basics of iT/internet security, principles and mechanics. I mean ones like critical event time-delay at entry or critical change points, GeoiP whitelisting and blocking, suspicious logins determined by steady iP/country usage pattern. I'm writing here about absolute and utter basics, absolute 1 oh 1 level of it sec. I mean come on, spoofable and hijackable 2FA/MFA? For a billion dollar comoany? Really? It never happened to me with MS, it never happened to me with Google, it never happened to me with Adobe, nor any other big corpo.

"Chatbot" as You called ChatGPT sees my point, since it's obvious. And You're just another one who falls in in the line of this grey mass which absolutely doesn't understand the very basics. Nevermind though, move along, nothing to see here for the likes of You. I came here for help, or empathy, not for ridicule nor mockery.

When we're at it, I must admit, this community is really toxic. It's not only full of mischievous, malicious, and insidious, but straightforward evil trolls, or rather feeble-minded people. There's literally not a single person in this thread, who'd either help me, try to help me, or agree with obvious facts that I stated. What a horrible society we live in. You probaby do not realize, but what You all demonstrate here can be defined as a partial sociopathy, or Antisocial personality disorder (ASPD). Its main feature is inability and/or incapability of empathy, nor sympathy. That's what this thread represents in a nutshell my friend. It's the very encyclopedic definition of it.

That's a lot of words for "I let my account get phished and blame everyone but myself".

You've been told why accounts don't get "haxx0red" you've been told, how to recover and secure your account, and you've been told about common scams, what to look for, and how to keep your account secure.

But no, its steam's fault, and its the users who are being toxic. Because, of course it is.

There's no other explanation is there? Your AI chatbot confirmed your suspicions, so its obvious now. Steam somehow got breached and the bad guys went after your account, and not GabeN's, or one of those inventory ♥♥♥ accounts with 100s of CS2 knives, or anyone else's because reasons.

Not to mention no one seems to be reporting on this massive security breach, which is odd, considering you would think everyone would be...

But no, its much more plausible that you got haxx0red and not phished, because you know net security, you are an expert, and everyone else has some kind of disability, as stated.

Amazing.

Diposting pertama kali oleh nightstalker:

Steam MFA/2FA can be easily bypassed, my account was stolen


Today my account was stolen in less than 60 seconds.

I had a push notification that someone from Poland or somewhere is trying to login to my account.

In under 60 seconds my Steam Guard Mobile Authenticator has been deactivated without any action of mine. My Phone Number was removed from my account without any action of mine. I didn't receive any e-mail nor SMS request wirh new number. And my e-mail + steam iD have been changed without any action of mine. It all happened in less than 60 seconds.

https://imgur.com/gallery/qZMzYRX

Once my Your Steam Guard App pushed notification to me, I wanted to change my password immediately, but I wasn'table to, since getting to a PC, booting it up, starting Steam a changing password takes a lot longer than 60 seconds. Also user should be able to change password via Steam Guard App. You can't change Your password in Browser. You can't change it in Steam App on Your phone. You can change it only via Windows, Linux or macOS Steam client.

This is really frustrating. I literally didn't stand a chance.

Steam shouldn't allow change of all these items in under 60 seconds.

E.g. when someone from different iP than Yours stable and months or years long used iP logs to Your account, there should be at least 24 hour time period to allow phone number change like Apple has it. And another 24 hours for e-mail change. Another 24 hours for Steam iD change.

Being able to bypass 2FA/MFA, remove phone number, change e-mail, change password, change steam iD and set new ones in under 60 seconds without owners agreement is simply unthinkable. Yet it happened.

Already wrote to Steam support from this account. I hope it gets resolved. Had some credit on Steam account and tons of games and mostly saves. This is horrible 😤😡🤬

Diposting pertama kali oleh nightstalker:

Diposting pertama kali oleh Mr. Smiles:

I beg to differ, since people in this convo obviously and evidently do not understand the very basics of iT/internet security, principles and mechanics. I mean ones like critical event time-delay at entry or critical change points, GeoiP whitelisting and blocking, suspicious logins determined by steady iP/country usage pattern. I'm writing here about absolute and utter basics, absolute 1 oh 1 level of it sec. I mean come on, spoofable and hijackable 2FA/MFA? For a billion dollar comoany? Really? It never happened to me with MS, it never happened to me with Google, it never happened to me with Adobe, nor any other big corpo.

"Chatbot" as You called ChatGPT sees my point, since it's obvious. And You're just another one who falls in in the line of this grey mass which absolutely doesn't understand the very basics. Nevermind though, move along, nothing to see here for the likes of You. I came here for help, or empathy, not for ridicule nor mockery.

When we're at it, I must admit, this community is really toxic. It's not only full of mischievous, malicious, and insidious, but straightforward evil trolls, or rather feeble-minded people. There's literally not a single person in this thread, who'd either help me, try to help me, or agree with obvious facts that I stated. What a horrible society we live in. You probaby do not realize, but what You all demonstrate here can be defined as a partial sociopathy, or Antisocial personality disorder (ASPD). Its main feature is inability and/or incapability of empathy, nor sympathy. That's what this thread represents in a nutshell my friend. It's the very encyclopedic definition of it.

How can all the Steam account security measures be breached all at once if you didn't downright gave it to them? Here's simple answer: you placed all your eggs in the same basket. If your mobile device is hacked, which had Steam logged in, Steam Guard is located, your email logged in, this explains how hacking guarded account is possible. Lot of old email accounts/passwords are often hacked, is available online as well.

It doesn't serve any purpose for you to complain to non-admin users your problems, where Steam Support is truly who can help you with the account issues after the damage is done. It doesn't serve any purpose that you go rage on random people you don't even know online, but only have general knowledge of what may have happened. Your demeanor of criticizing others in rage is rather amusing to many, despite the time they took trying to help you. You raging on response to what doesn't work for you is exact definition of "my way or highway", tantrum-like behavior.

And now don't say that android device security is non-hackable, because that statement always made me laugh even at the initial state of their release.

Also don't go around saying you got your "credible" information from wiki or chat AI. You do know that chat AI will pretend to know and give you false information, when they don't know? They don't just say "I do not know" or "I couldn't find the knowledge you were looking for sorry". No, they often don't do that, when they should.

For some reason, YOU were the only of few people who got hacked (except CS players that give their credentials for skin cases and trading), instead like 30~70~100% of people on Steam database, if such hacking were possible? Why am I still not hacked?

hahahahahahhahahaha......................hahahahahahahah chatbot....they went to chatbot for the answers

Diposting pertama kali oleh Mr. Smiles:

Diposting pertama kali oleh nightstalker:

I beg to differ, since people in this convo obviously and evidently do not understand the very basics of iT/internet security, principles and mechanics. I mean ones like critical event time-delay at entry or critical change points, GeoiP whitelisting and blocking, suspicious logins determined by steady iP/country usage pattern. I'm writing here about absolute and utter basics, absolute 1 oh 1 level of it sec. I mean come on, spoofable and hijackable 2FA/MFA? For a billion dollar comoany? Really? It never happened to me with MS, it never happened to me with Google, it never happened to me with Adobe, nor any other big corpo.

"Chatbot" as You called ChatGPT sees my point, since it's obvious. And You're just another one who falls in in the line of this grey mass which absolutely doesn't understand the very basics. Nevermind though, move along, nothing to see here for the likes of You. I came here for help, or empathy, not for ridicule nor mockery.

When we're at it, I must admit, this community is really toxic. It's not only full of mischievous, malicious, and insidious, but straightforward evil trolls, or rather feeble-minded people. There's literally not a single person in this thread, who'd either help me, try to help me, or agree with obvious facts that I stated. What a horrible society we live in. You probaby do not realize, but what You all demonstrate here can be defined as a partial sociopathy, or Antisocial personality disorder (ASPD). Its main feature is inability and/or incapability of empathy, nor sympathy. That's what this thread represents in a nutshell my friend. It's the very encyclopedic definition of it.

That's a lot of words for "I let my account get phished and blame everyone but myself".

You've been told why accounts don't get "haxx0red" you've been told, how to recover and secure your account, and you've been told about common scams, what to look for, and how to keep your account secure.

But no, its steam's fault, and its the users who are being toxic. Because, of course it is.

There's no other explanation is there? Your AI chatbot confirmed your suspicions, so its obvious now. Steam somehow got breached and the bad guys went after your account, and not GabeN's, or one of those inventory ♥♥♥ accounts with 100s of CS2 knives, or anyone else's because reasons.

Not to mention no one seems to be reporting on this massive security breach, which is odd, considering you would think everyone would be...

But no, its much more plausible that you got haxx0red and not phished, because you know net security, you are an expert, and everyone else has some kind of disability, as stated.

Amazing.

I never said I didn't get phished. I even said my credentials might've been leaked. I do use password manager. What I'm about is that why isn't 2FA/MFA working. What's the purpose of e-mail and GSM layer, when it's being completely ignored when the account is literally being stripped of it's original ownership in seconds. That's all.

Diposting pertama kali oleh Tristin:

Diposting pertama kali oleh nightstalker:

Steam MFA/2FA can be easily bypassed, my account was stolen


Today my account was stolen in less than 60 seconds.

I had a push notification that someone from Poland or somewhere is trying to login to my account.

In under 60 seconds my Steam Guard Mobile Authenticator has been deactivated without any action of mine. My Phone Number was removed from my account without any action of mine. I didn't receive any e-mail nor SMS request wirh new number. And my e-mail + steam iD have been changed without any action of mine. It all happened in less than 60 seconds.

https://imgur.com/gallery/qZMzYRX

Once my Your Steam Guard App pushed notification to me, I wanted to change my password immediately, but I wasn'table to, since getting to a PC, booting it up, starting Steam a changing password takes a lot longer than 60 seconds. Also user should be able to change password via Steam Guard App. You can't change Your password in Browser. You can't change it in Steam App on Your phone. You can change it only via Windows, Linux or macOS Steam client.

This is really frustrating. I literally didn't stand a chance.

Steam shouldn't allow change of all these items in under 60 seconds.

E.g. when someone from different iP than Yours stable and months or years long used iP logs to Your account, there should be at least 24 hour time period to allow phone number change like Apple has it. And another 24 hours for e-mail change. Another 24 hours for Steam iD change.

Being able to bypass 2FA/MFA, remove phone number, change e-mail, change password, change steam iD and set new ones in under 60 seconds without owners agreement is simply unthinkable. Yet it happened.

Already wrote to Steam support from this account. I hope it gets resolved. Had some credit on Steam account and tons of games and mostly saves. This is horrible 😤😡🤬

Diposting pertama kali oleh nightstalker:

I beg to differ, since people in this convo obviously and evidently do not understand the very basics of iT/internet security, principles and mechanics. I mean ones like critical event time-delay at entry or critical change points, GeoiP whitelisting and blocking, suspicious logins determined by steady iP/country usage pattern. I'm writing here about absolute and utter basics, absolute 1 oh 1 level of it sec. I mean come on, spoofable and hijackable 2FA/MFA? For a billion dollar comoany? Really? It never happened to me with MS, it never happened to me with Google, it never happened to me with Adobe, nor any other big corpo.

"Chatbot" as You called ChatGPT sees my point, since it's obvious. And You're just another one who falls in in the line of this grey mass which absolutely doesn't understand the very basics. Nevermind though, move along, nothing to see here for the likes of You. I came here for help, or empathy, not for ridicule nor mockery.

When we're at it, I must admit, this community is really toxic. It's not only full of mischievous, malicious, and insidious, but straightforward evil trolls, or rather feeble-minded people. There's literally not a single person in this thread, who'd either help me, try to help me, or agree with obvious facts that I stated. What a horrible society we live in. You probaby do not realize, but what You all demonstrate here can be defined as a partial sociopathy, or Antisocial personality disorder (ASPD). Its main feature is inability and/or incapability of empathy, nor sympathy. That's what this thread represents in a nutshell my friend. It's the very encyclopedic definition of it.

How can all the Steam account security measures be breached all at once if you didn't downright gave it to them? Here's simple answer: you placed all your eggs in the same basket. If your mobile device is hacked, which had Steam logged in, Steam Guard is located, your email logged in, this explains how hacking guarded account is possible. Lot of old email accounts/passwords are often hacked, is available online as well.

It doesn't serve any purpose for you to complain to non-admin users your problems, where Steam Support is truly who can help you with the account issues after the damage is done. It doesn't serve any purpose that you go rage on random people you don't even know online, but only have general knowledge of what may have happened. Your demeanor of criticizing others in rage is rather amusing to many, despite the time they took trying to help you. You raging on response to what doesn't work for you is exact definition of "my way or highway", tantrum-like behavior.

And now don't say that android device security is non-hackable, because that statement always made me laugh even at the initial state of their release.

Also don't go around saying you got your "credible" information from wiki or chat AI. You do know that chat AI will pretend to know and give you false information, when they don't know? They don't just say "I do not know" or "I couldn't find the knowledge you were looking for sorry". No, they often don't do that, when they should.

For some reason, YOU were the only of few people who got hacked (except CS players that give their credentials for skin cases and trading), instead like 30~70~100% of people on Steam database, if such hacking were possible? Why am I still not hacked?

You're missing facts my friend.

https://www.bitdefender.com/en-us/blog/hotforsecurity/77000-steam-accounts-are-hacked-and-raided-every-month

And for the umpteenth time. I never stated I was hacked. I never said my credentials weren't leaked.

I said:

- why was my MFA/2FA blatantly ignored, I was literally looking at the situation in flagranti/e, when the login was in progress and I was being logged out of my Android Steam Guard App
- why is Valve allowing change of crucial credential attributes like:
- removal of the only MFA/2FA active device without me confirming it by a second factor [e-mail, SMS, etc.]
- removal of my GSM from my account, that's been there for 20+ years without prior confirmation via my original GSM
- changing of my e-mail address that I used for 20+ years without prior confirmation with my original e-mail address
- changing of my Steam iD that I used for 20+ years without prior confirmation via SMS, e-mail or MFA/2FA Steam Guard
- allowing all of this to happen, when the malicious login was engaged from Poland, while I logged in from Slovakia for entire 20+ years without VPN and now not a single system in it's entire secure Valve/Steam infallible glory evaluated any of these actions as suspicious. Wow, just wow. And it all happened in under 60 seconds. Because that's what people do. People remove they're only 2FA/MFA authenticator from their account, remove their GSM contact, change their e-mail address and change their Steam iD in under 60 seconds. Dude, user'd have to create a pretty sophisticated script for such an operation prior to it's engagement for it to be executed in under 60 seconds...

These are my questions. Every single of the points I stated are crude violation of absolute basics of user account internet security. This is what I'm pointing at. These are extremely lazy vulnerabilities in Steam/Valve System.

Again: 77,000 Steam accounts are hacked and raided every month.

You're all ignoring the facts and my arguments, that's all. Just because it didn't happen to You yesterday, or today, doesn't mean it won't happen tomorrow. Hey, guess what, I was thinking the same, since I use 2FA/MFA everywhere. Well, today I was a witness to it's failure and to an absolute incompetence of Valve's/Steam security measures.