Someone tried to hack my steam account or login to it

[ng4ever]

Current login attempt info:

IP address: 179.xxx.xxx.xx
City name: Recife
State name: Pernambuco
Country name: BR

I didn't put the whole ip because I didn't think it was necessary.

What should I do immediately ?

It says

Below is a dashboard comparing your actual location info with the current attempted login info. If the information does not match then do not proceed to logging in.

Login information does not match. Please close your browser and change your password immediately.

How do I change my password without logging in ? Thanks.

 

[Rolo]

Is that the entire message? It seems a little out of context.

 

[ng4ever]

No. It has my current location too. I only pasted part of it. Would you like me to do a screenshot of the whole message ?

 

[ng4ever]

Ok here you go!

 

[Ink]

Are you using a VPN?

Be aware that Valve forbids the use of Proxy / VPN for their Steam client.

 

[ng4ever]

Are you using a VPN?

Be aware that Valve forbids the use of Proxy / VPN for their Steam client.

No.

 

[sudo -i]

Steam Support - Account Stolen

What do I do if my Steam Account is stolen?
If your Steam Account has been stolen or hijacked, you should complete the steps below before recovering your account to ensure the account is not stolen again.

Step 1 - Scan your computer
Viruses, key loggers, spyware and other malicious code can steal your Steam Account name and password. Before resetting your Steam Account's password, you should run virus and spyware scanners to ensure such programs are not on your computer.

Step 2 - Change your email's password
Steam accounts are commonly compromised after an associated email address is compromised. Changing the password on your email account will ensure a hijacker can't steal your Steam account a second time, or interfere with assistance from Steam Support.

Click "Change my password" once you've complied with the suggested instructions.

 

[TheSuperGeek]

Yes change your password right now and choose something strong (use a password manager)

 

[ng4ever]

Yes change your password right now and choose something strong (use a password manager)

Thank you.

 

[_CyberGhosT_]

These are a dime a dozen, someone is trying to BF your acct.
Steam had to recover a buddy of mine's Steam Acct. From a Russian
thief a couple years ago.
Just make sure your PW is updated and turn on 2FA and it will go away.
I have gotten warnings in the past, not one after turning on 2FA.

 

[Wave]

I think what may have happened here is if you're working with a Virtual Private Network, Steam may have done a comparison check of the location based on the IP address requesting to connect to the host, and noticed that your usual locations from your previous login sessions did not match similarity between your current location; this is a powerful technique to preventing people from accessing your account based on password brute-force attacks or having even known your password if they are in another country where Steam do not expect you to be, having you not signed in from that location before - other companies like Google also have such functionality, where if your account is accessed from another suspicious location, you'll be notified about it right away and given additional details about the scenario.

If you do not work with any VPN services and you are the only person with physical access to your system, then there's a chance that someone tried to access your account and Steam found the activity suspicious and now wants some form of verification for the account to become accessible again, however I doubt this. I am not sure if they would even operate it like this, either... I don't really use Steam so I am just brainstorming different scenario explanations here.

I recommend you follow any instructions given to gain back access to your account and be sure to change your password - based on the screenshot you sent, it is genuinely the real Steam website and not a fake/phishing one. Remember to choose a strong password with a minimum of 8 characters, and mix in some capital letters and numbers to make guessing the password/brute-force attacks more difficult.

 

[sudo -i]

For those that are interested, if you're connected with a VPN, Steam assumes that you're not connected to a network at all. It will never detect that you're logging in under a VPN's IP.

 

[Wingman]

For those that are interested, if you're connected with a VPN, Steam assumes that you're not connected to a network at all. It will never detect that you're logging in under a VPN's IP.

According to the "steam subscriber agreement" you have agreed NOT to use any means that can alter you place of residence (aka ip proxying/vpn) .

@sudo -i I believe that you can use vpn to connect to steam (in fact many use it to buy games cheaper -it's also the most common reason users get banned)

 

[sudo -i]

@sudo -i I believe that you can use vpn to connect to steam (in fact many use it to buy games cheaper -it's also the most common reason users get banned)

I use Steam, so I can confirm this is incorrect. Let me know if you produce different results through experience.

 

[Rolo]

Wingman is correct; you can use VPN, proxy, etc. to log into Steam. You cannot, however, use these things to disguise your place of residence. Therefore, if you use these things, ensure they don't change your location as it appears to Steam.

cf. Steam Subscriber Agreement

You agree that you will not use IP proxying or other methods to disguise the place of your residence, whether to circumvent geographical restrictions on game content, to purchase at pricing not applicable to your geography, or for any other purpose. If you do this, Valve may terminate your access to your Account.

If I read the screenshot correctly, Steam has your location documented in the US but the login your are making now appears to be from BR, correct?

Check your public IP, does it match the BR one? If not, something is--heh--phishy.

If your IP does not match BR and is still in US, then you aren't really connecting to Steam; it seems something is hijacked.

Before changing passwords, do ensure you are definitely on Steam's site (read the certificate and all) and not a fake and enable 2FA. All hi-visibility accounts (to include all games) should have 2FA.

 

[EmilyPx]

Check your public IP