• Light/Dark
  • Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
  • We have made minor adjustments to how the search bar works on ResetEra. You can read about the changes here.

So, what am I supposed to do to combat these attempts on my Steam account?

Skel1ingt0n

Skel1ingt0n

Member
Oct 28, 2017
8,738
I've had my Steam account since HL2 released, and nowadays have over 500 games that I've spent literally thousands of dollars on.

Every few months, I get an email alert: "Your Steam accounts: access from a new web or mobile device." I then change my password.

But then it became once every week. Then every few days. I change my password when I have time within ~24 hours or so.

This week, I'm getting - not exaggerating - 30+ attempts on my account a DAY.

I can't just keep changing my password. I do have Steam Guard on my phone. But I just don't feel safe. Steam's ticket support has been worthless. Anyone else running into the same issue? What's going on, and how do I best combat it?
 
LewieP

LewieP

Member
Oct 26, 2017
18,097
If you're using Steam Guard, it sounds like maybe your email has been compromised.

Edit: or the above.
 
Mesoian

Mesoian

▲ Legend ▲
Member
Oct 28, 2017
26,501
Yeah it actually sounds like either your email is compromised or you have a keylogger. If your password is getting flushed out within 30 days, something is reporting it.
 
Dreamboum

Dreamboum

Member
Oct 28, 2017
22,864
Skel1ingt0n said:
I've had my Steam account since HL2 released, and nowadays have over 500 games that I've spent literally thousands of dollars on.

Every few months, I get an email alert: "Your Steam accounts: access from a new web or mobile device." I then change my password.

But then it became once every week. Then every few days. I change my password when I have time within ~24 hours or so.

This week, I'm getting - not exaggerating - 30+ attempts on my account a DAY.

I can't just keep changing my password. I do have Steam Guard on my phone. But I just don't feel safe. Steam's ticket support has been worthless. Anyone else running into the same issue? What's going on, and how do I best combat it?
Click to expand...
Click to shrink...
I had this issue then I realized that this was because I had a second steam account from a while ago on the same email LOL I was going crazy changing my email every week and wondering how they managed to got those passwords so fast. It's just that I have an old second account I forgot existed that ended up being compromised
 
Akita One

Akita One

Member
Oct 30, 2017
4,627
Stop using your standard personal email accounts for everything, or at least, use the aliases available in those email services.

Just changing your email address (which you already have two factor associated with, right?) usually solves all these problems.
 

Deleted member 34714

User requested account closure
Banned
Nov 28, 2017
1,617
I think you should be worried about your email or login usage or your PC in general. Steam guard is doing it's thing keeping whoever out but the repeated attempts post PW change should be very worrying.
 
Dylan

Dylan

Member
Oct 28, 2017
3,260
Absolutely enable Steam Guard, OP.

Then change the email account associated with your steam account.
 
Spence

Spence

Member
Oct 27, 2017
1,119
Sweden
"New web" can simply mean your cookies are gone or you have a new IP, if you are using 2factor then it's not somebody else logging on.

Never had this issue myself always used steam guard.
 
Santos

Santos

Member
Oct 25, 2017
1,073
Portugal
It seems like your PC has been compromised. Also, make your inventory private. May dissuade, if you have a lot of CS GO skins or similar.
 

Deleted member 18400

User requested account closure
Banned
Oct 27, 2017
4,585
This kinda shit is why I don't keep a card on file for Steam. I know too many people who have had their Steam busted into.
 
finalflame

finalflame

Product Management
Banned
Oct 27, 2017
8,538
Arcade55 said:
This kinda shit is why I don't keep a card on file for Steam. I know too many people who have had their Steam busted into.
Click to expand...
Click to shrink...
If you have Steam Guard enabled, the only way your Steam account can be "busted into" is if you willingly or ignorantly give away your 2-fac code, or have other devices compromised.
 

Deleted member 18400

User requested account closure
Banned
Oct 27, 2017
4,585
finalflame said:
If you have Steam Guard enabled, the only way your Steam account can be "busted into" is if you willingly or ignorantly give away your 2-fac code, or have other devices compromised.
Click to expand...
Click to shrink...

I remember people saying the same thing about the Blizzard Authenticator until someone figured out how to get around that a year after it was implemented. They fixed the security hole but still, 2 factor isn't necessarily fool proof.
 

Deleted member 34714

User requested account closure
Banned
Nov 28, 2017
1,617
Arcade55 said:
I remember people saying the same thing about the Blizzard Authenticator until someone figured out how to get around that a year after it was implemented. They fixed the security hole but still, 2 factor isn't necessarily fool proof.
Click to expand...
Click to shrink...
What? I've had blizz auth since they came out and didn't hear of any security issue with it. Or are you talking about some middleman attack which requires some seriously compromised PC to allow that to happen.
 

Deleted member 18400

User requested account closure
Banned
Oct 27, 2017
4,585
Ricerocket said:
What? I've had blizz auth since they came out and didn't hear of any security issue with it. Or are you talking about some middleman attack which requires some seriously compromised PC to allow that to happen.
Click to expand...
Click to shrink...

I honestly couldn't tell you as I have no knowledge of how that kind of stuff works lol.

I just recall some people with authenticators started to get their accounts hacked and Blizzard acknowledged it on their forums before fixing it. I'm not sure they ever went into detail with what was going on, probably for security reasons. It didn't affect a huge number of people or anything.
 
Chestbridge

Chestbridge

Member
Oct 29, 2017
296
Change your password on a new device to eliminate whether your normal device is compromised. If the login attempts stop, then you know where the issue originates.
 
Last edited:

Neilg

Member
Nov 16, 2017
711
I have this issue too, happens 10x a day sometimes - but it's for an old steam account on the same email. Support is useless as whenever i ask them anything about this they assume i'm talking about my current account with all the games on it and cant seem to even see the old one.

the emails contain a code which they need to get into your account. if you had a keylogger they'd be in your emails too.
Change the email address.
 
Pargon

Pargon

Member
Oct 27, 2017
12,014
That sounds like something weird is going on. You're getting 30 alerts a day saying that you were logged into new devices?
It sounds like phishing rather than anything genuine. Or that you've somehow got two accounts with the same email address, as suggested above.
  • If you already have Steam Guard active, you should be safe unless you are using email-based 2FA and that account is compromised.
  • If you are concerned, change your password, switch to app-based 2FA (and make sure you actually do make a record of those backup codes!) and deauthorize all other devices.
  • If you're using a service like Gmail, you could change the email address on the account to [email protected] instead of [email protected]
Arcade55 said:
I remember people saying the same thing about the Blizzard Authenticator until someone figured out how to get around that a year after it was implemented. They fixed the security hole but still, 2 factor isn't necessarily fool proof.
Click to expand...
Click to shrink...
And yet, no-one has made it into Gabe Newell's account despite him putting the email address and password out there publicly in 2011.

Neilg said:
the emails contain a code which they need to get into your account. if you had a keylogger they'd be in your emails too.
Click to expand...
Click to shrink...
App-based 2FA is generally more secure than email-based 2FA. You should probably switch.
I do wish that they used a standard TOTP rather than their own 2FA implementation though.
 
You must log in or register to reply here.