# Got a forgotten/reset password email from Steam all of a sudden...



## AchuSaysBlessYou

Well they seemed to have failed to get into your steam account, so... yeah I'd suspect someone was trying to get in. As for should you be paranoid, maybe? I mean they didn't get in I don't think... but if your password was strong enough to start with, you shouldn't worry as changing it will just be a PITA for you to remember whereas they wouldn't know if you changed it or didn't change it as they seem to have no clue what your password is to start with. If it'll soothe your mind, go change it, and make sure it's something "hard" so... at least 1 number, 1 character, and 1 symbol


----------



## HeWhoDared

Quote:


> Originally Posted by *AchuSaysBlessYou*
> 
> Well they seemed to have failed to get into your steam account, so... yeah I'd suspect someone was trying to get in. As for should you be paranoid, maybe? I mean they didn't get in I don't think... but if your password was strong enough to start with, you shouldn't worry as changing it will just be a PITA for you to remember whereas they wouldn't know if you changed it or didn't change it as they seem to have no clue what your password is to start with. If it'll soothe your mind, go change it, and make sure it's something "hard" so... at least 1 number, 1 character, and 1 symbol


thanks for the reply man

my passwords are pretty damn strong, I don't know how i remember them, but they are essentially like serial keys lol

Still I can't help feel to anxious.


----------



## PappaSmurfsHarem

Quote:


> Originally Posted by *HeWhoDared*
> 
> thanks for the reply man
> my passwords are pretty damn strong, I don't know how i remember them, but they are essentially like serial keys lol
> Still I can't help feel to anxious.


Do you have Steam Guard enabled?

They could still technically brute force your password. Steam Guard however negates that.


----------



## Riou

Is your account name the same as your community name? That is probably why they got your account name and tried to do a password retrieval.

Just keep your passwords different for Steam and email.


----------



## pjBSOD

Yeah, brute forcing happens all of the time unfortunately. I would as said above more than recommend enabling Steam Guard. They'll have to have access to your email itself to get into the Steam account with that enabled.


----------



## HeWhoDared

Quote:


> Originally Posted by *PappaSmurfsHarem*
> 
> Do you have Steam Guard enabled?
> They could still technically brute force your password. Steam Guard however negates that.


Right yea, and yes i do have guard enabled. I know steam guard would prevent that, but I'm contemplating if i should just use new passwords and a new email.

For a password reset, you need both the email and the account name right? I don't even think i've given out my email to people/friends online at all tbh.

Dr Strangelove.. good movie









@Riou, Yea my community name is the same as my account handle.. I just realized that


----------



## PappaSmurfsHarem

Quote:


> Originally Posted by *HeWhoDared*
> 
> Right yea, and yes i do have guard enabled. I know steam guard would prevent that, but I'm contemplating if i should just use new passwords and a new email.
> For a password reset, you need both the email and the account name right? I don't even think i've given out my email to people/friends online at all tbh.
> Dr Strangelove.. good movie
> 
> 
> 
> 
> 
> 
> 
> 
> @Riou, Yea my community name is the same as my account handle.. I just realized that


I wouldn't bother creating a new E-mail, just change the passwords for Both if you are worried


----------



## HeWhoDared

Quote:


> Originally Posted by *PappaSmurfsHarem*
> 
> I wouldn't bother creating a new E-mail, just change the passwords for Both if you are worried


Alright man thanks, but just to put this in perspective.

Anyone really, who knows my account name could try to reset my password? They don't need my actual email address?

If so, in theory couldn't it just happen again regardless if my passwords were changed? And going possibly going far as a new email.


----------



## pjBSOD

Quote:


> Originally Posted by *HeWhoDared*
> 
> Alright man thanks, but just to put this in perspective.
> Anyone really, who knows my account name could try to reset my password? They don't need my actual email address?
> If so, in theory couldn't it just happen again regardless if my passwords were changed? And going possibly going far as a new email.


Well, they'll need to know your secret questions I believe. I haven't had to reset a Steam password the traditional way in quite some time, so I cannot remember.

Edited multiple times due to brain giving out.


----------



## HeWhoDared

Quote:


> Originally Posted by *E-Peen*
> 
> Well, they'll need to know your secret questions I believe. I haven't had to reset a Steam password the traditional way in quite some time, so I cannot remember.
> Edited multiple times due to brain giving out.


I think you are right... someone guessing my recovery question is kinda scary though.. I thought my secret question was well.. very secret









Edit: passwords changed.. changed the recovery question, even found a site that generates passwords that also has it in the NATO Phonetic alphabet so that should help me right off the bat to memorize em, though usually i just memorize the keystrokes.









Many thanks to all that posted, you guys are awesome.


----------



## HeWhoDared

Bump

So I created a Steam ticket to get their opinion on the situation because I still wasn't fully convinced.

Of course they give me a reply that leads me to believe they did NOT read my message, but besides that I got another forgotten password email around the same time actually 2:49 PM EST

I'm not sure if Steam actually sent that themselves because they thought I had trouble resetting my password..









Upon logging on i got another friend request from what seems like a dummy account, as if him just adding me out of the blue wasn't shady enough, his profile name was [UNKNOWN]

I'm wondering if these random people are connected to why i'm getting these emails...


----------



## Aparition

Change your steam tag to not match your account name.

As long as they have your account name they can try to get into your account.
Your going to just have to block/ignore these people, rely on steam guard, and protect your email and passwords until they give up and leave you alone.

Do change your forum tag though so that they don't pick your name again and start all over later.


----------



## HeWhoDared

Quote:


> Originally Posted by *Aparition*
> 
> Change your steam tag to not match your account name.
> As long as they have your account name they can try to get into your account.
> Your going to just have to block/ignore these people, rely on steam guard, and protect your email and passwords until they give up and leave you alone.
> Do change your forum tag though so that they don't pick your name again and start all over later.


So they do not have to successfully guess my secret question/answer in order for the email to be sent?

Thanks though for the quick reply after the bump, I really appreciated it!


----------



## Aparition

That is interesting... I am reviewing the process for retrieving the password
https://support.steampowered.com/kb_article.php?ref=4988-DHXV-7272#yesaccountname

Your right you do need the email details and secret question.
The last email request might have been Steam from your ticket... but the other attempt I don't know, it is possible they guessed or it is a bot/script.
I'd make sure there are no viruses on your system and just keep tabs on your account. It is possible they are sending support tickets themselves to Steam for your password reset, not sure what that will accomplish though.

Another thing that is fairly common is that someone else has a similar email name as yours and it is sending you notifications by mistake?


----------



## HeWhoDared

I think what makes me very nervous is that someone guessed my secret question, I'm running a full scan right now, but i'm not feeling too good about this.


----------



## .theMetal

I think you will be ok. just change your password, and all of your passwords everywhere that are that particular one, and change your display name and change your security question.

I have to thank you though because this was the push to go change all of my passwords just to strengthen my personal security.







so thanks.

and again take all of the precautions and you will be fine.


----------



## HeWhoDared

Quote:


> Originally Posted by *.theMetal*
> 
> I think you will be ok. just change your password, and all of your passwords everywhere that are that particular one, and change your display name and change your security question.
> I have to thank you though because this was the push to go change all of my passwords just to strengthen my personal security.
> 
> 
> 
> 
> 
> 
> 
> so thanks.
> and again take all of the precautions and you will be fine.


thanks for replying.

Thing is, yesterday this same exact thing happened yesterday, I'm trying to figure out if I should change my passwords and secret question again though.

Definitely gonna change my display name, getting sick and tired of all these shady people though.


----------



## allikat

They may well be faked emails from Steam, with links to nasty password scraping sites, or other malware links. I got 4 or 5 claiming to be from Blizz last year which seemed to imply I was the proud owner of a new account... didn't touch them.
All they have to do is get a real steam forgotten password email, hide a nasty link behind the real looking one in the email, add faked email headers copied from the original, and wait for the account details to roll in.


----------



## HeWhoDared

Quote:


> Originally Posted by *allikat*
> 
> They may well be faked emails from Steam, with links to nasty password scraping sites, or other malware links. I got 4 or 5 claiming to be from Blizz last year which seemed to imply I was the proud owner of a new account... didn't touch them.
> All they have to do is get a real steam forgotten password email, hide a nasty link behind the real looking one in the email, add faked email headers copied from the original, and wait for the account details to roll in.


I'm fairly certain they are from Steam though.. :/



thanks for posting though man


----------



## .theMetal

Quote:


> Originally Posted by *HeWhoDared*
> 
> thanks for replying.
> Thing is, yesterday this same exact thing happened yesterday, I'm trying to figure out if I should change my passwords and secret question again though.
> Definitely gonna change my display name, *getting sick and tired of all these shady people though*.


Definitely agree with ya there. People just have to be a-holes. Good luck with the fight though, seriously.


----------



## sunny7L

so i didn't bother to read through all the text but if you receive this email i have some insight and there is NO NEED TO WORRY (for the most part).
>I made my steam account a long time ago and with a very basic username 'sunny'. this is my actual account name as well as my gamer name (sometimes).
however, obviously other people also have the name sunny in games, and WHEN they forget their steam log in (there are many of these people)
>>i get emails about twice a month for the forgotten password ONLY BECAUSE they go to option under account retrieve 'I remember my unsername' and they enter 'sunny' (which is MY account name) when their username could be anything, jimbob1239 for all I know, but they confuse it with their IN GAME NAME.
>>>so if you have a STEAM ACCOUNT NAME that is very basic/simple and common in nature, EXPECT THESE EMAILS.


----------



## Karlz3r

Just remember to use different (new) passwords for more important things.
And don't use passwords that you've been using in some random forums or browser games etc.

I recently set one of my common passwords for Path of Exile and although I haven't played it for a month, I recently got an e-mail from PoE staff with this inside:

"Your Path of Exile account has been locked because someone attempted to log in from a location that you don't typically play from - "Shaoxing, Zhejiang, China"."

I haven't been scammed in a game in 10 years, but looks like people still try to break in. I ran Antivirus + Spybot scans after I got this letter and nothing was detected. Changed my password to a brand new one and problem solved.


----------

