• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

Think steam account was hacked. Anyone ever deal with this?

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.

ssjwizard

Has slightly less legible writing than Thideras
Joined
Mar 12, 2002
So I think my steam account has been compromised. For whatever reason I am unable to login today, and while I thought it might just be a password error when I go to recover my account the email I use for the account does not pull up a username and if I put in my username it refers to a phone number I do not recognize. Anyway I followed the procedure listed on their website, but I am wondering how long this will take. Has anyone ever had to do account recovery in the past?
 
I haven't, sorry, but I hope it is a quick resolution.

As a side note, setup dual factor authentication when you get it back.
 
Haven't had to do this, sorry, but I would definitely do as Janus said.
 
Another suggestion is to use a password generator, just to make the passwords a bit harder. I use KeePass on all my devices installed in dropbox so I have my passwords synced.
 
I am afraid of two factor authentication. becuase of a couple bad experiences with it. I lost my blizzard account because I setup the authenticator app as I used the cash shop for D3 and it was required. I quit playing my blizz games for a while and didn't think about it. Upgrade time came around and I switched phones. Before it occurred to me that it would be a big deal I wiped the phone to factory settings and sold it. Now I wanted to play one of my blizz titles and since I no longer have the authenticator they wont help me. The second was a site that had an option of setting up 2 step authentication using PGP and after a disk failure I no longer had access to the original key and was not able to pass the 2 step leaving a substantial amount of money in an account. Ever since then I just dislike 2 step. I agree that its a nice idea and provides extra security, but sometimes junk happens and you get burned.

Sadly as steam is one of my older accounts I use an old password which was used for several other accounts. This is something I dont do anymore. I use a different password for every account I have or at least a different username. It still really burns though, as I have near 200 titles on steam and have supported their service for a long time. I am confident that I will get my account back, but from other searches Ive done it could take up to 3 months before the issue is resolved, and if my games are transferred to another account I may or may not have them returned to me.
 
How would you games be transferred to another account?

FWIW, I always physically write down any private key/seed key so that I can recover from anything like that. And keep a digital copy as well that is password protected.
 
Another suggestion is to use a password generator, just to make the passwords a bit harder. I use KeePass on all my devices installed in dropbox so I have my passwords synced.

Password generator? let someone else make your password?
That sounds like a grate idea...

Did they get rid of steam grad? Enable that when you get your account back. Also steam support sucks, they can get back with you in a week or in a few months.
it took them 3 months before they answered my ticket to delete my user account.
 
How would you games be transferred to another account?

FWIW, I always physically write down any private key/seed key so that I can recover from anything like that. And keep a digital copy as well that is password protected.

So ever since steam allowed trading of games on your account this is possible. I know a few people who had all their games transferred off to other accounts. Thankfully I will report that my access has already been restored and since they now require a 3 day waiting period before any software can be transferred my collection is in tact although I may be missing a few trading cards. Really I dont care about those long as I got my account back.

As to steam guard I already had steam guard set to go to my email account, but somehow this still happened. I have now reset all my passwords(to relevant accounts) done a full system scan, and reassigned my account info to my phone #. In the process I also managed to update a few other accounts that had bad/old info on them so I guess no harm done.
 
You make it sound like it's another person that is doing it. Read up on it before you knock it. Keepass
At the end of the day you are still letting someone or something make your password and there is the chance that something funny is going on in the background. If the program is not 100% open source and downloaded from a trusted source how will you know is it's not doing something funny with your passwords? it's the same with passwords mangers.
 
At the end of the day you are still letting someone or something make your password and there is the chance that something funny is going on in the background. If the program is not 100% open source and downloaded from a trusted source how will you know is it's not doing something funny with your passwords? it's the same with passwords mangers.

:chair:

Do you not use banks either? Really, anything that requires you to have a password will have all users' credentials stored in an encrypted db. Any admin could easily get your credentials there...

As long as you're not storing all of your passwords in an app named "Crazy Joe's Discount Password Emporium Storage", you probably don't have anything to worry about. ;)
 
At the end of the day you are still letting someone or something make your password and there is the chance that something funny is going on in the background. If the program is not 100% open source and downloaded from a trusted source how will you know is it's not doing something funny with your passwords? it's the same with passwords mangers.
Keepass (or keepassx) is open source and widely trusted. Using a good password manager will greatly increase the security of your accounts.
 
Will allow this to speak to the use of pasword mangers......

LastPass Hacked, Change Your Master Password Now

Bad news first, folks. LastPass, our favorite password manager (and yours) has been hacked. It’s time to change your master password. The good news is, the passwords you have saved for other sites should be safe.

SOURCE
 
Will allow this to speak to the use of pasword mangers......

LastPass Hacked, Change Your Master Password Now

Bad news first, folks. LastPass, our favorite password manager (and yours) has been hacked. It’s time to change your master password. The good news is, the passwords you have saved for other sites should be safe.

SOURCE

get out.
 
Will allow this to speak to the use of pasword mangers......
The good news is, the passwords you have saved for other sites should be safe.

There are about 2 lines in that article which might make one think their passwords aren't still safe. The rest of it reinforces the benefit of a password manager like lastpass. Even with an intrusion like that one, all the data is still secure. What the intruder "hacked" was useless.

But please, be my guest. Write all your passwords on a sheet of paper and keep it in your wallet. When you lose your wallet, or it is stolen, I'm sure the characters you've written down will magically rearrange themselves to prevent a thief from gaining access to your accounts... :rolleyes:
 
Keepass (or keepassx) is open source and widely trusted. Using a good password manager will greatly increase the security of your accounts.
But is it 100% open? And has the code been reviewed?
Also how is having your passwords stored in a data base on your pc secure? It leaves you wide open to a single point of failure.
In other words a hacker will only need to get into your password manager to get every password you have. And often just a quick look at a what's in ram is all a hacker needs to do to get into your password manager.

Sorry not buying that crap, I don't have a degree in information security for nothing.

@ninjacore
Most places that are smart about security hash you password then encrypt it.
 
But is it 100% open? And has the code been reviewed?
Also how is having your passwords stored in a data base on your pc secure? It leaves you wide open to a single point of failure.
In other words a hacker will only need to get into your password manager to get every password you have. And often just a quick look at a what's in ram is all a hacker needs to do to get into your password manager.

Sorry not buying that crap, I don't have a degree in information security for nothing.

@ninjacore
Most places that are smart about security hash you password then encrypt it.

get out.

edit, i figured id atleast help a bit.
you have an account online? have you seen how many account online get hacked every day? you should delete your entire internet and unplug ur pc before you catch a deadly computer virus or something.
 
Last edited:
But is it 100% open? And has the code been reviewed?
Also how is having your passwords stored in a data base on your pc secure? It leaves you wide open to a single point of failure.
In other words a hacker will only need to get into your password manager to get every password you have. And often just a quick look at a what's in ram is all a hacker needs to do to get into your password manager.

Sorry not buying that crap, I don't have a degree in information security for nothing.

@ninjacore
Most places that are smart about security hash you password then encrypt it.

...that's what lastpass did...that's why the data stolen was useless...

And what is your alternative, oh, information security guru?

1) Don't have online accounts.

2) Write your passwords down somewhere (roughly 1 billion times less secure than any password app option)

3) Use the same password for everything and remember it (certainly not recommended and good luck even doing this, considering the range of password requirements from different sites)

4) Use an app which encrypts everything for you and is secure enough that even when they get hacked, the data is still useless to anyone.


Your argument's bad and you should feel bad.
 
Bring yourself into the 21st century...thing passphrase versus password.

A passphrase is a password that combines multiple words (that make sense to you) into a passphrase.

For my passwords, I don't use an app (still don't trust something like that). I put them in an excel spreadsheet, encrypt this spreadsheet with a password. Put that spreadsheet into a zip file with a different password...and then put that zip file into another zip file with an even different password.

And no, I don't keep money under my mattress! :D


EDIT: And if you think anything online is secure...don't kid yourself. I got a letter a few weeks ago from the US Department of Defense saying that their security clearance database has been hacked! If you have friends or relatives with a security clearance, your personal information is now out there. Depending on your clearance level, you have to give ALL SORTS of information about your siblings, children, parents, aunts, uncles, neighbors, etc.
 
Back