Steam account hacked - advice need

[Yoko]

Okay so I woke up this morning and noticed two emails from steam, the first an account verification email and the second confirmation that I had changed my login via an IP address in Kazakhstan

My account name has been changed and all my friends deleted and my profile pic replaced!

My account was setup with two stage verification via email and the only thing this pc is used for is Steam so I am unsure as to how they managed to do this (my email also requires two stage verification including by telephone or SMS)
I haven't accepted any friend requests or clicked any links nor do I access emails on this particular PC

I have managed to recover my account on a different PC (worried my pc is compromised but AV scan is clean) I've changed my email passwords, steam password and setup steamguard via mobile app

Is there anything else I should do???
Luckily I do not have any cards connected with my steam account so I am not out of pocket

 

[Gimpymoo]

Sounds like your email account was compromised.

 

[Willir]

Which Steam games do you play? If you play CSGO I hope you don't dabble in the 'skins' business. A lot of fake skin sites floating about.

 

[Glanza]

Do you use the same email address for everything?

 

[Semple]

Sounds like your email account was compromised.

This.

If your 2SV codes are sent to your email, that would have been the only way to have access to your Steam account.

I would use another machine to reset all passwords, and also revoke all existing pickup codes - (assuming you're using Gmail - these are fixed one-time codes that can be used to gain access).

 

[Rezident]

Do you use Steamguard?

 

[Shawreyboy]

I had the exact same thing happen to me this morning!

The IP was 145.255.168.164

It doesnt look like anything happened to my account though.

Shawrey

 

[Yoko]

Which Steam games do you play? If you play CSGO I hope you don't dabble in the 'skins' business. A lot of fake skin sites floating about.

I only really play Total War games on steam and some 1990's oldies like Xcom and Colonisation

Do you use the same email address for everything?

I use my main email address for lots of different things but none have the same password as the email account or steam

This.

If your 2SV codes are sent to your email, that would have been the only way to have access to your Steam account.

I would use another machine to reset all passwords, and also revoke all existing pickup codes - (assuming you're using Gmail - these are fixed one-time codes that can be used to gain access).

No idea what pickup codes are and don't use gmail

Do you use Steamguard?

Yes but have now opted for mobile verification as opposed to email and have adopted the smartphone app for account access verification

I can only assume they gained access to my email account somehow as Gimpymoo said

 

[ic1male]

Maybe they're intercepting your text messages as both Steam and email were protected via SMS? Change to Google Authenticator or something for as many sites as you can - Gmail, Amazon, Microsoft, Ubisoft, EA, even OcUK can use it.

 

[Digital X]

My Uplay was broken into yesterday, friends removed, named change and games in Russian. Hope you get it sorted, I know first hand it's a pain in the backside.

 

[Yoko]

Maybe they're intercepting your text messages as both Steam and email were protected via SMS? Change to Google Authenticator or something for as many sites as you can - Gmail, Amazon, Microsoft, Ubisoft, EA, even OcUK can use it.

Sorry, to be clear I only added phone protection today, previously any changes were by verification via a second email account

Interestingly, I now have the email address of the suspected culprit, as used on my account, and it is linked to a specific individuals Russian language Facebook type account in Kazakhstan with pictures
I will pass details onto Steam but doubt they will do anything

 

[varkanoid]

Keep checking your friends list and make sure there is no one in there you dont know. Ages and ages ago for a long while I would get users appearing in there from Eastern Europe countries and I kept blocking them eventually it stopped. However they do it I think thats one way they get in.

 

[Omaeka]

I know this is a little off topic and a small rant, but until companies stop protecting hackers everyone is in massive danger of being hacked. It's very high potential reward for no risk at all. My PSN was hacked so I got it back via direct support and during the convorsation I asked for the hackers IP and was told they are not allowed to disclose that... Makes sense, except when I asked what might be done to the hacker, the support rep was at least honest in his answer; absolutely **** all. No attempts to track them down and prosecute them or anything. I know the hacker most likely changes IPs etc. but at least try SOMETHING to deter them.

So I got to ask, why on Earth would somebody not just throw out massive blanket hacks in this day and age? Morals aside, you're bound to catch something and you're basically immune to any backlash whatsoever.

Absolute aids.

 

[ic1male]

What you have to hope for then is that the hackers themselves are hacked by another.

 

[varkanoid]

Someone from Serbia tried to get into my account last night, Steam Guard email stopped them

 

[Rifte]

Steam app authenticator FTW

Its a pain in the backside to have to get my phone out every time but my steam account has well over 600 games in it, and it would be very painful if I ever lost it.

 

[varkanoid]

Yeah just changed mine from email to App. Although I hope I dont get Deja Vu. Last year my phone went in the pool and it had Authenticators on it. That was a PITA. Set it up again and go on holiday next week......

 

[Daytrader]

Steam app authenticator FTW

Its a pain in the backside to have to get my phone out every time but my steam account has well over 600 games in it, and it would be very painful if I ever lost it.

Yeh i worry about my steam account getting hacked, i use steam app auth also, i only have to verify when i put something up for trade like game badges, is there a way i can use it for logins all the time also ?

 

[x-st]

Yeh i worry about my steam account getting hacked, i use steam app auth also, i only have to verify when i put something up for trade like game badges, is there a way i can use it for logins all the time also ?

If you have the Steam Guard mobile authenticator app active on your phone the you have the two step identification active. It only kicks in when it notices a login from an unrecognised IP or computer (I'm assuming MAC address). Try logging in to Steam from a work computer that you've never used for Steam before and you'll see it in action.

 

[Daytrader]

Ah ok, im safe then as i have it active.