Accounts getting hacked is nothing new. Every other day we hear about some website being breached and its data getting leaked on the web – and data breach search engines like BreachDirectory exist for precisely this reason – they aim to help people avoid getting caught up in the mess of identity theft. In this blog, we’re going to help you figure out what to do if you think that your Steam account is hacked.

What is Steam?

For many, Steam is the ultimate go-to gaming platform that was created in September 2003. The platform acts as an online video game distribution service and the service is widely known for being one of the largest digital distribution platforms for gamers.

The service is known to offer sales every once in a while with massive discounts – one of the largest sales of Steam is the summer sale, but the service is also known for its other sales such as the winter sale and the autumn sale.

Steam is a massive platform – according to backlinko, the number of approximate users using it is in the realm of 120 million.

Steam Security Measures

Of course, with such numbers of users, Steam has to have pretty stringent security measures in place to avoid getting breached. One of the most popular and easy to configure options is the Steam Guard – the Steam Guard is a 2FA appliance to ensure the security of their users: whenever a username and password is specified, the Steam Guard asks the user to confirm his identity by forwarding a code to his phone.

The Steam Guard was initially presented in a conference back in 2011 by the CEO of Steam, Gabe Newell. Steam is sure that the security of their users would be ensured when using the security measure to such a length that Gabe Newell even announced that people can try to log in to his account and gave is username and password away at the same conference, however, attacks still happen, so we still need to be aware of the measures we can take to protect ourselves.

How to Protect Your Steam Account?

In order to protect your Steam account, there are not that many things you can do. All of the things you can do pretty much boil down to one fact: you need to employ two-factor authentification on everything that is associated with your Steam account. When Steam suspects that somebody else is trying to log in to your account, it either sends a message to your email address asking to confirm your identity or sends you a Steam authenticator message with a code that you need to provide to be logged in to the platform.

All Steam accounts have an email associated with them, so we will start from there:

• If you find yourself using Google, head over to the “My Account” panel and click on the Security tab on the left:

Next, under the “Signing in to Google” heading, find the “2-Step Verification” option and click on it:

Now set up two-factor authentification:

Your email is now protected with two-factor authentication! Now, when logging in to your email address and successfully providing your email and password, you will be prompted for an additional code that is going to be sent to your phone via SMS.

Moving on to Steam, setting up the Mobile Authenticator is rather easy: install the app on App Store if you’re using an iPhone or download an APK if you’re using Android, then log in to your Steam account on your phone (you might need to confirm your identity via email because Steam won’t recognize the location you’re using to log in), and set up Steam Guard. First, set up the Authenticator:

Now, confirm your phone number:

Then finish up setting up Steam Guard by confirming your phone number. You’re now done – the next time you log in to Steam, you will be asked for additional confirmation of your identity via Steam Guard. If Steam Guard isn’t in place and Steam finds that you log in from a different place than usual, you will be asked to input a code that will be provided to you via email.

Got Hacked? Here’s What to Do

Even though the Steam Guard mobile authenticator should be a good preventative measure against identity theft, there still are things how people can get around these security measures and breach your account – the most frequent occurence is people betting that the Steam account is not protected by the mobile authenticator, then gaining access to your inbox, and using credential stuffing or similar attacks to gain access to your Steam account.

If you’ve reused your password and you don’t use either Steam Guard or 2 Factor Authentication provided by either Google or Steam you’re in trouble – but there are still things you can do to get out of this mess. Start by checking the following:

1. Was your password changed? If so, proceed to step #3. If not, proceed to step #2.
2. If your password remains unchanged but you did have the alert of something suspicious happening on your account either via Steam or via Google, change your password immediately (use a password you didn’t use anywhere else that was preferably generated by a password manager), then check whether the attacker has done damage: investigate sent and received messages via gmail, check your trade offers via Steam, and check the list of sent and received messages on Steam as well to see if you find anything suspicious.
3. If your password was changed, contact Steam support and provide them all of the information that you can remember that can be relevant to your account including what email is the account associated with, what games did you buy, what transaction methods did you use when buying them, what IP did you use when registering for Steam or buying access to games, what was the last time you’ve played a game on that account and what game was played, what items are no longer in your inventory, etc.: the more information is provided, the higher odds of Steam reinstating your account. You have to prove that you’re the owner of the account, so have an ID ready as well, just in case.

If you’re unlucky enough to have your password changed but follow the step #3, remember the necessary information and forward it to Steam when asked, you should be out of trouble. If your password wasn’t changed, and you’ve completed all of the steps to better protect yourself in the future (you’re not reusing passwords anywhere, you’ve checked all of the trade offers and declined all of the suspicious-looking ones, and you’ve double-checked all of the messages sent to your friends to see if you find anything suspicious), you should be good to go as well.

Other Things to Do

Completing the aforementioned steps is a good start to ensure the safety and security of your Steam account – however, it might not be enough. Attackers are always advancing and moving forward, so using other measures in combination with the ones already defined is a good start as well.

Consider using data breach search engines like BreachDirectory to ensure that your account is not at risk of identity theft – if it is, change the password on that app, and if the password is reused for any kind of a reason, change the password on that app as well.

At the end of the day, the security of your Steam account is directly dependent on the actions you’ve took previously and continue to take to secure it – data breach search engines like BreachDirectory help you get out of the data breach mess and provide a way to implement their data into other systems via the BreachDirectory API as well no matter if your account was already a victim of an identity theft attack or not – if it was, you will be able to identify the source of the attack, and if it wasn’t, you will be able to better protect yourself in the future.

Summary

Noone likes getting hacked – however, as far as Steam is concerned, the platform certainly provides reliable ways for people to stay safe. One of the most prevalent ways to protect your Steam accounts is by using the Steam Guard mobile authenticator – the authenticator provides a way to get codes to a mobile phone whenever we’re logging in to our Steam accounts: it’s safe and convenient to use.

Even when Steam Guard isn’t in use, Steam is still ensuring the security of our accounts by sending messages to our email addresses and asking for confirmation of our identities thus still allowing us to use the platform, albeit with restricted features (e.g. trading restrictions, etc.)

If you do get hacked, follow the steps outlined in this article, run a search through data breach search engines like BreachDirectory to ensure you stay safe, and until next time!