Did you log into a phishing website or something?
Comment has been collapsed.
Not sure what to do then, sorry. Don't have too much experience with hijackings.
EDIT: Do you have any proof of purchase for the account? If so, show it to Steam Support and they should be able to help you.
Comment has been collapsed.
Never used a PaySafe Card, but if it has some kind of way to show that you bought a game on that account then it should be fine.
EDIT: Those purchase emails should be good proof.
Comment has been collapsed.
Don't reuse passwords. Use different passwords for email, steam, etc. Use a password manager and generate random passwords for everything. I like 64 characters (alphanum and special).
Comment has been collapsed.
Not using a good password manager (I use lastpass myself but others recommend keepassx). In addition I also use a yubikey (one-time passwords) for 2 phase authentication for the master password.
EDIT: this is synchronized across different computers and most solutions works on mobile phones as well.
Comment has been collapsed.
What happens, when you need your passwords at a different device? You'll need to sync your password store, which is very inconvenient, especially on other OSs (Let's say Android) or when you're only temporary using that device
Edit: They don't work "as well". They work inconveniently. In Android for example, a non-root program isn't allowed to paste data into another program. This means, those password stores just copy the passwords and you have to manually paste them. That's annoying as hell and probably unsafe
Comment has been collapsed.
Both lastpass and keypassx works on all major operating systems and is synchronized over network. Lastpass works on both Android and iOS, dont know about keepassx. Lastpass also support logging using web only (if you don't want to install third-party application)
I think it is more convenient than remembering and typing passwords all day long.
Comment has been collapsed.
The synchronizing feature of lastpass seems to have a monthly fee... Well... That's on top of the above mentioned disadvantages
Comment has been collapsed.
No, it doesn't. Premium is required for full mobile support though.
Comment has been collapsed.
Yes, because the data has to be stored in their cloud. So, it's not only easier and faster to type my 5-10 digit password when i want to login, it's also free :D
Comment has been collapsed.
A 10 digit password using the currently most hashing algorithms is cracked in seconds today and if you reuse the password all your services fails at once.
You will have pros and cons using either (but I disagree with the disadvantages you mentioned). I take steps to keep my password storage safe and as long as that isn't breached one leaked password will not take everything with it.
EDIT: in the same fashion I also never use the same email-address twice, but that is another story.
Comment has been collapsed.
Since we are talking about some kind of web service, you are mistaken. It's only possible to do that if the attacker solely focusses on me or is able to steal the whole database with non-salted hashes or even unencrypted passwords, which is unlikely. On top of that, to harm me you'll also need my email account (to change passwords or buy things). But in order to get into my email account, you'll need to remote control my computer or my smartphone. Both is extremely unlikely
Comment has been collapsed.
Databases leak occasionally and hashed password together with emails/usernames has ended up in the wrong hands before. Not unlikely rather a question of when and where. You can even find this kind of data on pastebin. Only example I can remember on top of my head is the linkedin breach some year ago where millions of hashes was leaked.
Gmail is quite safe in that regards but others are not.
Comment has been collapsed.
That is true, but a salted hash is rather worthless. Rainbow tables won't work for such a case. Brute Force is the only possibility, and that's only an option if the attacker solely focusses on me. Well, if the attacker manages to get non-salted hashes or unencrypted passwords during that attack, he'll obviously also get my password.
But like i said, my email account would be the next border, which makes me rather safe (or at least safe enough). And everything without 3rd party tools, many passwords or inconveniences when logging in
Comment has been collapsed.
I'd say it about more services than just email but I agree that gmail is well protected with additional layers of protection, e.g. 2 phase auth. I don't trust other smaller email services in this regard.
In addition to leaked hashes you also have phishing sites, social engineering, etc. By using unique passwords you mitigate all kinds of attacks and make it impossible to login at another service using those credentials.
Anyway, lets agree to disagree.
Comment has been collapsed.
as long as you can prove its your account don't worry; you've got nothing to hide right?
Comment has been collapsed.
salut dami un add dupa ce iti recuperezi contul :P...simple just report to steam support and give some proof of purchases and you will reiceve your account back but first reinstall your windows to dont have some keyloggers or viruses...happened to me also in january but i change my windows erase all from hdd install new one and after went to steam support to give proof of purchases to get my account back and now all is good xD
Comment has been collapsed.
A good tip: Change your E-Mail password right now.
Comment has been collapsed.
why not same password? just asking. how should anyone find my mail password?
Comment has been collapsed.
If you share the password and it happens to leak somewhere all your services has been "hacked".
Comment has been collapsed.
If they get you with a phishing scam / keylogger / other virus that reports key-strokes?
Comment has been collapsed.
i dont know anything about that phishing thing youre talking about. do they just run it on random users on forums and such?
Comment has been collapsed.
As far as I am aware, phishing is essentially sending you to a website that looks like the one you think it is (i.e. a fake) and then you log in thinking it is normal and they simply record everything you type in and bam. They've got your details.
They'll either do it through fake links somewhere / mass-emailing of any addresses they can find publicly.
A common one would be "Your e-mail account password has expired! Click this [link] to have it reset" and make the e-mail look official. It's good advice to never use the same password for two things (or a variation on the same password either) and never click on the links in e-mails.
Comment has been collapsed.
They wouldn't necessarily know it, but if they guess it / find it via a phishing attack, they'll try it on many different sites / programs where you can log on and 'bingo!' they now have access to a lot of your stuff.
Especially bad in the case of online banking...
Comment has been collapsed.
so if op used same password for all his profiles how should they guess it and why would they try exacly ops mail?
Comment has been collapsed.
'Guessing' is highly unlikely, but if OP's email address ended up in the wrong hands somehow, they could just brute force the password (i.e. try loads of combinations using a computer program until they get lucky) or OP fell foul of a keylogger / phishing scam / etc.
Comment has been collapsed.
ok that would make sense :D thank you for explaining
Comment has been collapsed.
Usually support emails to any company are generally done within five business days. When you get your account back, I advise putting Steam Guard on it.
Comment has been collapsed.
most likely it is your email that is the weakspot -
run some antivirus (fx AVG) or reinstall windows to be 100% sure you have nothing that can steal your pw
contact whoever is your email provider and provide them with any detail you can, on fx. contact information in the account and recent emails you have.
change your passwords on anything you can think of the might have gotten access to
Comment has been collapsed.
create a new strong password for your email - clean your computer for malware/spyware - and hope for the best with steam basically - if it happens again - i would recommend changing email provider because then their security might be questionable
Comment has been collapsed.
Both myself and my parents have had trouble with Yahoo! Mail before with our email accounts being hijacked. Personally I would go with GMail as I find it very secure and it gives you a Google account.
Good luck getting your account back, I know that Valve are very good about letting gamer's regain control of their accounts.
Comment has been collapsed.
happened to me, took about a week and a half for steam to fix it, as people have been saying, steam needs proof that you have bought any of the games on the account, for example ticket number pen-written on a steam code if its from a box/cd, or some info about your credit card/payment option you have used
Comment has been collapsed.
I activated Galactic Arms Race, Guns of Icarus Online was a beta so I asked support to remove it and the guy who was supposed to give me Space Rangers gave me an used key and bought me Day of Defeat: Source instead. He was too nice of a guy to mark as Not Received.
Comment has been collapsed.
FYI: Galactic Arms Race & Guns of Icarus Online don't show up on people's account because they are betas. Fairly sure Space Rangers is as well.
Source: Look at my Galactic Arms Race, I've activated that but can't see it in my library. I've also reported other people for GoIO not being activated and support said that since it is beta, it doesn't show.
Comment has been collapsed.
14 Comments - Last post 3 minutes ago by OneManArmyStar
109 Comments - Last post 4 minutes ago by shearkvis
51 Comments - Last post 6 minutes ago by sensualshakti
15,475 Comments - Last post 4 hours ago by WaxWorm
46,873 Comments - Last post 14 hours ago by marilynhanson
371 Comments - Last post 18 hours ago by Vodeni
38 Comments - Last post 19 hours ago by doslover
50 Comments - Last post 5 seconds ago by Exodust
33 Comments - Last post 4 minutes ago by Mitsukuni
13 Comments - Last post 17 minutes ago by Skwerm
937 Comments - Last post 20 minutes ago by Fenchurch
203 Comments - Last post 21 minutes ago by RePlayBe
54 Comments - Last post 36 minutes ago by vinstonsmitt
258 Comments - Last post 49 minutes ago by erintesden
I tried to log in to see that my password is changed, my contact e-mail is changed and my e-mail's password is also changed. In my Inbox there are also recent SteamGuard e-mails. I am so scared right now, I submitted a Steam Support ticket. Any good tips?
Now he changed my profile name to: '1;2'4;12';412';4'12;c';az'c;'1; -.-
Now the human trash is online. Anybody please add him and tell him that he sucks dick.
/Now he removed all of my friends.
/Now he changed my profile picture.
/Now he changed my name to "Fucked Up"
/Now he changed my name to "Im sorry bro !"
Comment has been collapsed.