Anyone else have issues with this on steam

[Wait_____u_____what]

I have 2FA on for Steam, and use Bitwarden(used to use Lastpass but switched recently, deleted lastpass account so even if that DB was compromised I'm on a new local instance), with a 40 character Password, numbers, letters, symbols etc.

 

Almost every week now I get a notification of a successful login with my username and password from random IPs.

I change my pw after these notifications come in.

I cannot see any way that this is possible without there being some issue at steam where there is some leak? I have no clue, steam support doesn't have anything except how to regain a hijacked account, which mine isn't.

 

I also have gone through most of my accounts to change any passwords that haven't been updated in over a year.

 

I attempted to post on r/steam but mods don't like actually giving support, and it seems you can't actually message them so, why not ask my fellow people here.

 

If anyone has any ideas how this could be happening I'm all ears!

 

 

Edited March 21, 2021 by Wait_____u_____what
Removed pics of malicious IPS

[Wait_____u_____what]

1 minute ago, CrownieOG said:

go check your steam api, you could be infected from logging in on a fake steam site. to do so go to : https://steamcommunity.com/dev/apikey 

 

Unsure what that was supposed to get me to.  I mean I run a domain at home in my home lab but don't really see the need to add it to anything on steam.

[Wait_____u_____what]

5 minutes ago, CrownieOG said:

go check your steam api, you could be infected from logging in on a fake steam site. to do so go to : https://steamcommunity.com/dev/apikey 

tell me if you find anything in this box 

Unsure if that second part was there before, but no, nothing in that part.

[Wait_____u_____what]

1 minute ago, CrownieOG said:

You dont have anything in the box therefor you are not API Scammed, if you had a domain in there your account would be seriously compromised. So right now it comes down to your computer, did you run any antivirus scans? what antivirus software do you use?

Nothing on any scans, including Webroot, SentinelOne, HitmanPro, ADWCleanter, EmisisoftEmergencyKit, JRT, rkill, tdsskiller, or Unhide

[Wait_____u_____what]

2 minutes ago, CrownieOG said:

You dont have anything in the box therefor you are not API Scammed, if you had a domain in there your account would be seriously compromised. So right now it comes down to your computer, did you run any antivirus scans? what antivirus software do you use?

Also, latest updates, currently on Win10 build 21H1

[Wait_____u_____what]

Just now, CrownieOG said:

I suggest not using a password manager even if recommened by almost everyone, try setting up a proper password made by yourself, if needed write it down somewhere. I see no reason apart from this to your problem. Steam has no leaks, you arent compromised on your steam account nor your computer, change your password by yourself and let me know if anything changes

How can you be certain steam has had no compromises?
Will update

[Wait_____u_____what]

Just now, CrownieOG said:

Steam is pretty much the safest when it comes to getting compromised unless the user is not the brightest bulb. Only ways to get compromised on steam is either getting cracked or API Scammed, which are neither your case.

But I mean on the backend.  There could be unknown compromises.  Solarwinds was one that rings a bell, or even more recently with on premises exchange servers that were pre-cumulative update 19.  Compromises happen without people knowing.  That's why I'm reaching out to see if others have experienced anything similar.

[Wait_____u_____what]

41 minutes ago, CrownieOG said:

I suggest not using a password manager even if recommened by almost everyone, try setting up a proper password made by yourself, if needed write it down somewhere. I see no reason apart from this to your problem. Steam has no leaks, you arent compromised on your steam account nor your computer, change your password by yourself and let me know if anything changes

Can say using one made up by myself....did not work....anyone else have any ideas or am I just stuck getting a notification of attempted logins everyday.

[Tocsin_786]

I've been having the same issues with Steam honestly. Changed the pw 3 times and I always get the notification. Nothing changes internally on my account. I always get 2FA emails, so I just made my email account much more protected. Idk what to do about steam honestly. 

[Wait_____u_____what]

8 hours ago, Tocsin_786 said:

I've been having the same issues with Steam honestly. Changed the pw 3 times and I always get the notification. Nothing changes internally on my account. I always get 2FA emails, so I just made my email account much more protected. Idk what to do about steam honestly. 

Literally last night attempted to find some way to do this.

Completely went through ALL of my accounts on Bitwarden, changed the passwords.

Then changed login email of Steam, and PW of steam via browser in Safemode + Networking on an 'Incognito' Brave tab.

Using a 28Char password, mix of Caps, lower, numbers, symbols. Still within 2 hours I got a notification of someone trying to login from an IP in China.

 

I literally can't see anything on my end at this point.  I am gonna bet someone 1 dollar that in the coming months/year there will be some notice of a breach that was found.

 

Hopefully I'm wrong and just Hackers are that good at guess randomized passwords, where length and content are unknown.

[Wait_____u_____what]

10 hours ago, Tocsin_786 said:

I've been having the same issues with Steam honestly. Changed the pw 3 times and I always get the notification. Nothing changes internally on my account. I always get 2FA emails, so I just made my email account much more protected. Idk what to do about steam honestly. 

 

IT'S EVERY 2 HOURS NOW, WTF STEAM THERE HAS TO BE SOMETHING I CAN DO

[Wait_____u_____what]

On 3/22/2021 at 10:15 AM, Wait_____u_____what said:

 

IT'S EVERY 2 HOURS NOW, WTF STEAM THERE HAS TO BE SOMETHING I CAN DO

To anyone getting this far, after investigating.  I guess at some point, somehow, I linked the same email for steam guard to a different steam account? 

 

The user name was almost the same(with a capital 'o' rather than a '0')

Unsure how often this happens with people but yeah....funky.

 

Anyway, deleted the other account, now all is well!

 

[Tocsin_786]

On 3/22/2021 at 10:15 AM, Wait_____u_____what said:

 

 

IT'S EVERY 2 HOURS NOW, WTF STEAM THERE HAS TO BE SOMETHING I CAN DO

So I figured it out on my part... apparently I had two steam accounts forever. I used my Gmail for my actual steam account, and Yahoo for the one that I got spammed about. I never realize this cuz I barely get steam notifications on gmail. So I just deleted the un-used steam account and have not gotten any more messages. There deff was  a data breach, I never get emails on my gmail cuz thats the account I changed the pw for multiple times.