Steam account hacked

R

Rtstrider

Gawd
Joined
Dec 3, 2004
Messages
597
I have joined the ranks of having my steam account hacked. I do not play games and it's all for the kiddos. We have a desktop but it has not been up and running since March. Long story short money is very tight and we have to eat ;) My Steam account was hacked around a month or two ago and Steam reset everything. I was able to login to the steam website and change all of the contact information/passwords back. Yesterday I get an account verification message in my email which is odd since this is not installed on any machines. I am the only one that has the password and have not even told the kiddos what it is. I try to login to the steam account and it appears the same hacker has hijacked my account again (the contact email was the same as last time from what I could tell). I have reset my email password, but, have not used Steam mobile guard yet (will be after this gets sorted out). My question is what other preventative measures can I put in place outside of resetting my email password, steam password (once the account is restored again), and Steam mobile guard? A ticket has been opened with Steam already and I'm waiting to hear back from them.

I'm not sure if this is the right place to post this so apologies in advance!
 
Make sure any email account attached isn't being breached for resets.. the two-factor authentication should help.. Also longer passwords.
 
I have changed the email password as of yesterday to something a tad more difficult so that should help. I got another activation request from Steam this morning but what's weird is when I go to "forgot password" it still shows the hijackers email address. I have a power supply on the way and just received the wireless AC card. Getting gigabit internet installed Friday so was hoping this would all be up and going by the weekend. Fingers crossed and thanks modi123!
 
.. and you are certain the 'reset password emails' are not phishing emails?
You've done a clean sweep of trojans, malware, etc?
 
The only machine this account was setup on has been down since Feb/March. Power Supply was toast so no way to power it on. I'll check the email headers to see if these actually came from Steam.
 
You can link a cell phone to it which basically fool proofs any attack. I've done so in the past but I took it away since I changed my number twice in a year.
 
Will link the cell phone to it for sure! Just to make sure that was done through the 2 step deal with the steam app on the phone?
 
I just checked the headers and it definitely looks like a valid message from steam.

Received: from [208.64.202.21] (helo=valvesoftware.com)
by smtp03.steampowered.com with smtp (Exim 4.82)
(envelope-from <[email protected]>)
id 1dkW3w-0000pX-4u
for ********; Wed, 23 Aug 2017 06:51:16 -0700

Return-Path: <[email protected]>
 
Steamguard fool proofs any hacking attempt what I'm afraid of it would lock me out of my account simply because I lost my phone number.
Of if my phone broke and I needed a new phone number.
 
Last edited:
Comixbooks said:
Steamguard foolproofs any hacking attempt what I'm afraid of it would lock me out of my account simply because I lost my phone number.
Of if my phone broke and I needed a new phone number.
Click to expand...

They give you codes to remove the authentication app. So say you leave your phone at work and a thief steals it. You can use the codes to remove 2 factor authentication from your account. When you get a new phone just add the 2 factor authentication back to your account.

Easy Peasy.
 
Rtstrider said:
I have joined the ranks of having my steam account hacked. I do not play games and it's all for the kiddos. We have a desktop but it has not been up and running since March. Long story short money is very tight and we have to eat ;) My Steam account was hacked around a month or two ago and Steam reset everything. I was able to login to the steam website and change all of the contact information/passwords back. Yesterday I get an account verification message in my email which is odd since this is not installed on any machines. I am the only one that has the password and have not even told the kiddos what it is. I try to login to the steam account and it appears the same hacker has hijacked my account again (the contact email was the same as last time from what I could tell). I have reset my email password, but, have not used Steam mobile guard yet (will be after this gets sorted out). My question is what other preventative measures can I put in place outside of resetting my email password, steam password (once the account is restored again), and Steam mobile guard? A ticket has been opened with Steam already and I'm waiting to hear back from them.

I'm not sure if this is the right place to post this so apologies in advance!
Click to expand...

I had this happen with EA and it was a bitch to resolve. Even with 2 factor identification they kept sweet talking their way through customer service.

Ended up having to make a new email address, get all of the games switched over, employ all kinds of security measures and add password verification to anyone who wanted to talk about the account over the phone.

It was a real pain, but was interesting from a security standpoint that even with 2 factor identification there are lots of ways around it by sidestepping conventional means.
 
modi123 said:
.. and you are certain the 'reset password emails' are not phishing emails?
You've done a clean sweep of trojans, malware, etc?
Click to expand...

Rtstrider said:
The only machine this account was setup on has been down since Feb/March. Power Supply was toast so no way to power it on. I'll check the email headers to see if these actually came from Steam.
Click to expand...

You didn't actually answer his question. You are running some antivirus on said machine and the one you access emails from right?
 
I only access email from my phone. But there was a period from February until a few days ago the computer was down so I don't know how long ago it was hacked tbh. I have wiped the machine and loaded a fresh install of windows 10 and installed the free AV program Mediacom provides. I took the above suggestion and have enabled steam guard mobile. So hoping this helps! Thanks for the help!
 
Last edited:
I just got notified of someone from RU that was attempting to access my Steam Account as well. Sigh.... I did not know about Steam Guard but now have it installed and also changed my Steam password and my email password.

What a world.....

And in terms of phishing emails: I NEVER click a link from ANYONE that says "your account was accessed, do you want to.... whatever"

I alway open a new browsing window and log into the account from there. After logging in, I then verify the email.

In this case, I did confirm some BOZO from RU did indeed attempt to get into my account. You have no idea how happy I am that I had not loaded any CC info on my account. That's another thing I NEVER do on any website. I mean, heck, it doesn't take THAT long to enter my payment method each and every time I but something.

Sure wish there was a way to find these cretins.
 
Russian mafia strikes again...they are heavy into targeting North America-based Steam and Amazon accounts.
 
You must log in or register to reply here.
Back
Top