My steam accoun was accessed from Florida and Mexico, i have steam guard enables so I would’ve received a text message confirmation but they were still able to access it. While looking through my emails just now I noticed that they did indeed log in to my account and not only that, they added funds from a MasterCard (not mine, I don’t have one) and it was $493.02! Which was later spent in the marketplace. Please I need help, I don’t wanna get caught up in any problems.
You need to report this to Steam/Valve ASAP.
And in future, 2FA through SteamGuard would likely be wise.
1 Like
Can I get a link please? I am nowhere near a computer right now and the mobile version doesn't help.
Here's a page for recovery details you'll need to put in a ticket: https://support.steampowered.com/kb_article.php?ref=2347-QDFN-4366
Here's a page with a change your password link at the bottom: https://help.steampowered.com/#HelpWithAccountStolen
Here's a tutorial for enabling Steam 2FA to help protect your account in the future: (only do this AFTER you have confirmed control and a new password!) https://www.turnon2fa.com/tutorials/how-to-turn-on-2fa-for-steam/
Here's a classic XKCD strip about how you -should- be making passwords:
And finally, you should be using a password manager. These help in all sorts of ways-- you only need to remember one password, they can help you make sure each password is unique, your accounts can't be hacked via a key logger whether it's hardware or software because you paste them instead of type them, etc., but remember that if you lose your master password, or it's revealed, everything is vulnerable:
https://agilebits.com/onepassword
https://lastpass.com/ (what I use)
http://keepass.info/ (open source)
There are others out there.
Change your email password as well, just to be safe.
1 Like
Will do, I'm on it right now.
I generated a password with it just now, I use 1Password for all my passwords.
1 Like
Do you have any idea how it was hacked?
No idea, called my brother and he hasn't opened steam in days. I myself have been too busy to even mess with my computer in weeks.
Ah,that's a pity. Was hoping there was something specific so we could help you avoid it in future.
In general, however, 2FA is great.
first off, scan your entire computer for viruses to be on the safe side, incase of any keyloggers, 2nd 2FA is a must for steam.
Ok so I went across the street to my aunts house, downloaded steam on her computer and changed my password with the 1Password generator. Downloaded the Steam app on my phone and enabled the in app Steam Guard.
My PC's clean, I run a full system scan with Avast Premier, whenever I have a chance. If there any infection its most likely on my brothers PC since he doesn't know much about maintainace.
1 Like
reccomend to do a scan on his machine as well.
I don't know who or how but thank you! I didn't even need to make a support ticket, a while after changing my password and creating a support account I fount this in my email. Again thank you all for your help! :)
Probably just your mistake for using same info in some other place or two, which is pretty common.
Still I think there is another way instead relying one password, even if its super secure app its still just one password.
What I think works extremely well is to simply tier several accounts and passwords for different types.
For example:
- Main email
- Trash email
- Money
- Game resellers, or whatever you call these Steams and Origins.
- Game accounts
- Social
- Crap, basically all websites to this site.
So you need to figure out seven of these, and if you're unsure then you set it as that crap account. Also for many places its getting nicely divided between Main & Trash emails, then secondly this ways you will know whats the breach. Still, obviously if you cant maintain even small tidy list, then its better to rely on convenient tools I think.
Original reason I started to do this is after my dear black Elemental Tauren got stripped and I did use same info in WoW & Curse. It made me realize just how many of these lost characters must come from random sites which basically are goldmines.
In any case I havent lost any accounts ever since, and these thieves probably have had my "crap" forum account since 2007 or something like that. I'm expecting that right this moment someone auctions even TekSyndicate list for some botters. :D
I found the possible source of the breach, I told my brother to run a full system scan and it found a some bad stuff. Also told him to run AdwCleaner, let's see if that finds anything else.
Photo wasn't taken by me btw.
Peek into his downloads folder if there is a thing hes doing whats just malicious as fuck. Like for example bunch of "Nintendo 3DS emulators" or something like that, not that emulators are bad I think but still I saw these appear when 3DS came out, you get the picture.