Someone trying to hijack steam account

DF-1

2[H]4U
Joined
Jun 17, 2011
Messages
2,716
I got a notification from steam saying someone is trying to log into my account with the correct password. I changed it this morning.

I just got another email saying the same thing...

I don't have any viruses (eset + malwarebytes + not a dummy)

not sure what to do at this point.
 
I got a notification from steam saying someone is trying to log into my account with the correct password. I changed it this morning.

I just got another email saying the same thing...

I don't have any viruses (eset + malwarebytes + not a dummy)

not sure what to do at this point.

I would definitely get two factor authentication.
And I would still try to figure out if you do have something that is giving out your info. This person isn't magically hacking your account. It's up to you to figure out how and close that loop.
 
If you have 2FA activated with your phone then I wouldn't worry about it too much. If you don't have 2FA enabled, what the hell is wrong with you? You should still figure out how your passwords are leaking out.
 
I would definitely get two factor authentication.
And I would still try to figure out if you do have something that is giving out your info. This person isn't magically hacking your account. It's up to you to figure out how and close that loop.

yeah i got 2FA.

really not sure what could be giving out info.. maybe some of these classic WoW addons i downloaded with Twitch somehow.
 
yeah i got 2FA.

really not sure what could be giving out info.. maybe some of these classic WoW addons i downloaded with Twitch somehow.

To me this is serious enough to nuke my system and start over in order to ensure that what ever it is goes away. In other words: do what it takes. This is a no half-measures sort of situation.
 
To me this is serious enough to nuke my system and start over in order to ensure that what ever it is goes away. In other words: do what it takes. This is a no half-measures sort of situation.

This, 100%. I would be seriously worried about a keylogger having been installed. The first thing I would do is login to Steam on a completely different device that you know is 100% clean to change passwords on both Steam and whatever email you're using. Then take the time to nuke your current Windows installation and start from scratch. I would waste no time at all doing these things. If it is some sort of keylogger then the person may very well have or will have access to everything you login to. That's a lot worse than just a single Steam account.
 
Also are you absolutely sure it's a real steam email notification? I have had many "notifications" sent to my email claiming all sorts of security issues with bogus links in them or trying to get me to pay them bitcoins because they supposedly have access to my machine lol.
 
It's likely your credentials were exposed in one of the hacks and they are just trying to see if it works on any other websites. Luckily for you, it seems you did the smart thing and used different passwords for different websites.

You cannot believe how often some people use the same password for everything / most things. Then they act surprised when they get hacked.
 
As dumb as this might sound, some people use this as a revenge mechanic. You beat them in a game online and then they start trying to login to your account. They have no intention of succeeding, but it freaks people out. You also don't really have a way of knowing who is doing it.
 
Also are you absolutely sure it's a real steam email notification? I have had many "notifications" sent to my email claiming all sorts of security issues with bogus links in them or trying to get me to pay them bitcoins because they supposedly have access to my machine lol.

seems real. not many links and theyre all to the correct place.


no i dont.

It's likely your credentials were exposed in one of the hacks and they are just trying to see if it works on any other websites. Luckily for you, it seems you did the smart thing and used different passwords for different websites.

You cannot believe how often some people use the same password for everything / most things. Then they act surprised when they get hacked.

but i reset the password and it happened again, so i wouldnt think it would be that.
 
There's a chance it could also be someone with a similar account name (or email address if your account is old school) to you that is incorrectly trying to log in.
 
There's a chance it could also be someone with a similar account name (or email address if your account is old school) to you that is incorrectly trying to log in.

I don't think you read the OP well enough. It says: "with the correct password". So do you want to take the vegas odds on how likely it is that someone would have a similar email address and the exact same password?
 
I can almost guarantee they are just trying email and passwords from a pre compiled list from previous hacks. It’s far and away the most common method since it works. You’d be surprised at how many people have the same password and email combos for everything. So if 1 website gets hacked and your email and password for that site end up on a list, people/bots will go down the list and try it on other websites. If your email and password were compromised from several websites, they are probably just trying all the passwords on that list associated with your email address or account names.

Plug your account email and username into this and see what comes up:

https://haveibeenpwned.com/
 
I can almost guarantee they are just trying email and passwords from a pre compiled list from previous hacks. It’s far and away the most common method since it works. You’d be surprised at how many people have the same password and email combos for everything. So if 1 website gets hacked and your email and password for that site end up on a list, people/bots will go down the list and try it on other websites. If your email and password were compromised from several websites, they are probably just trying all the passwords on that list associated with your email address or account names.

Plug your account email and username into this and see what comes up:

https://haveibeenpwned.com/

This is almost always the case for these kinds of scenarios.

I block _tons_ of that ridiculous sextortion scam shit at work, and part of the reason it's so effective is because these emails really can have a password you've used in the past. It's a great way to throw someone into an immediate panic.

Enable 2FA, get a password manager, generate something that will survive the heat death of the universe, flatten your shit and reinstall if in doubt.
 
I block _tons_ of that ridiculous sextortion scam shit at work, and part of the reason it's so effective is because these emails really can have a password you've used in the past. It's a great way to throw someone into an immediate panic.

I'm glad I'm not the only one. We have gotten so many employees who are on the verge of tears because they got an email from someone saying they hacked into their computer and found nudes or took pictures using a webcam. They usually say something like "Just so you know I'm serious, one of your passwords is Password123 (or whatever the password is from the list). We use mimecast and we still get some of these that fall through the cracks. We've had to keep an eye on haveibeenpwned for any company accounts and let them know as soon as we see any as a precaution.
 
I used to get this occasionally. Actually, it was very annoying because I had 2-step authentication and would get an email about it. But I just got fed up with it after a while and installed Steam Guard on the iPad. Funny thing though.....it stop completely after that-nothing never again. Almost as if someone at Steam was doing that intentionally to get installations of Steam Guard to get telemetry data, or accounts.
 
I can almost guarantee they are just trying email and passwords from a pre compiled list from previous hacks. It’s far and away the most common method since it works. You’d be surprised at how many people have the same password and email combos for everything. So if 1 website gets hacked and your email and password for that site end up on a list, people/bots will go down the list and try it on other websites. If your email and password were compromised from several websites, they are probably just trying all the passwords on that list associated with your email address or account names.

Plug your account email and username into this and see what comes up:

https://haveibeenpwned.com/

I just tried two of my emails and they have been "pwned" a total of 8 times combined. And all on websites I have never even heard of. Weird.
 
Back
Top