Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
First: your password is still there. And once again you're conveniently leaving out information, such as the fact that all this transpired from already known ("registered") contact information.
Do ALL of these. Every single one.
1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours
3. Deauthorize all other devices https://steamhost.cn/twofactor/manage
4. Change passwords from a trusted/clean device
5. Generate new backup codes for your Mobile App https://steamhost.cn/twofactor/manage
6. Revoke the API key https://steamhost.cn/steamcommunity_com/dev/apikey (there should be nothing in the APIKEY)
7. Make sure your steam recovery email account is secure
Then do similar for your email address you use with Steam, because your information from somewhere...
I would like an optionally 15 day lock down on starting games if Steam support is this easy to use to bypass security.
And that's a problem 'Only password remain'. Password which can be resetted by an e-mail.
If the process were happen whehile I was asleep and attacker is awake my ID might just gone forever.
API keys have limited "power"; I tend to assume these cases are a simple "fake login" situation, where the attacker got an actual login key.
I'm still confused about posts claiming that items have been traded away without them knowing; even a login key cannot do that. Likewise, certain changes to an account WILL trigger 2FA as well.
As long as you keep your stuff safe, nobody can reset your password.
The problem is the user, nothing else.
Your mistake in this case was connecting your zephyr to the internets.