You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
My Steam account keeps getting hacked.
I get messages from Steam telling me an attempt has been made to log on, using the correct username and password and that I should change my password.
What do they want my account for? What could they steal if they got access?
Gift games and vouchers etc if you've an associated payment method.
But yes you absolutely should change your password to something a bit more complex/unique than St34m
Are the messages really from Steam? I regularly get very similar ones from Instagram (for an account which I set years ago up but have never posted on) which I assume are scams trying to get me to click on the link included in the message.
if you’ve an associated payment method.
Haven't used it in ages so any payments are well expired. Obviously the hackers don't know that.
But yes you absolutely should change your password to something a bit more complex/unique than St34m
I did, I used one of the google suggested ones and they have still hacked it.
Are the messages really from Steam?
Hacked it, or trying to?
Maybe someone is just griefing you by trying to get your attention?
Did you install Steam on another machine and not wipe it before selling/passing it on? They'd have your username but not new password.
The messages are definitely from Steam. They contain a code that allows you to log in from a new location.
There is no link in the email, just the code.
See Lucky's post.
Firstly, are the emails genuine? Do they start with "Dear [your username]"? If not, they're likely phishing. The wording of your OP makes me suspicious, is that actually what it says?
If they are genuine, change your email password for a start. Then set up 2FA. Hell, do that anyway.
https://help.steampowered.com/en/faqs/view/7EFD-3CAE-64D3-1C31
An attempted logon from a new device will then prompt for a one-time code sent to your phone / browser. Which is a point in itself, check your account for addresses / numbers that aren't yours.
Firstly, are the emails genuine? Do they start with “Dear [your username]”?
They do start with that. They are genuine. Email address is noreply@steampowered.com
The messages are definitely from Steam. They contain a code that allows you to log in from a new location.
There is no link in the email, just the code.
That being the case, and you say you're using a generated password, I'd be looking either at a malware infection or your Google account being compromised.
Hard to be certain of anything without seeing it TBH.
My son had his account hacked a few years ago. As I understand it he played some game that through playing it you collect/generate "items" which you can then trade with other users. Those items can actually be sold on-line. He'd paid for the game but then never bought any add ons but he played it enough he had a couple of hundred quid worth of value in his game if he was replacing at ebay prices! He thought some of his friends actually have values of nearer £1K in their accounts because they had bought in game purchases etc...
IIRC Steam locked his old account, and credited his games to a new one - but they in game extras were lost. I'm sure there are probably "serial numbers" assigned to these items that make them traceable if Steam were interested in reducing online crime but that doesn't generate them revenue does it!
Arent there scenarios where the password may not be being hacked, but Steam could have been hacked and stored passwords with a weak encryption, allowing hackers to work them out?
Run malwarebytes on the pc
Then log onto Steam, change everything, and set up their two-factor authorisation (steam guard) on a separate device, preferably your mobile for now. Make sure it logs everyone out.
EDIT: Actually, you're getting Steam Guard 2FA codes through anyhow? Is it definitely for your a/c, someone may have entered their mobile number wrong for a different account.
Arent there scenarios where the password may not be being hacked, but Steam could have been hacked and stored passwords with a weak encryption, allowing hackers to work them out?
seems very unlikely:
1. you'd expect steam to be hashing rather than encrypting passwords
2. if the OP is using genuinely complex and unique passwords a rainbow table attack on the password database is unlikely to succeed
3. if the OP was unlucky enough to hacked that way once (perhaps through a stupid initial password and steam being crapper than we expect) the problem should have gone the first time he changed it, and they would need to still have backdoor access and a way to reverse every hashed password
4. if such an unlikely scenario did happen, it seems remarkable that only the OP has been attacked this way and the internet isn't full of 15 yr olds complaining their steam account has been hacked
Its much more likely that something or someone using his machine (you don't have any teenagers in the house?) is trying to login with his details - and has someway of accessing them (presumably if its a genuinely unique and complex password its stored in a password manager or the browser's password store? the latter are often synced between multiple machines...)
Chrome generates a password when you're signed into it with your google account and saves it to your google a/c(1) Perhaps go to your google a/c and log out all other devices currently logged into it.