What are the warning signs that someone has hijacked your Steam account? Here is what to look for and what you can do to get your account back.
The videogaming industry doesn’t stop growing. In fact, it is estimated to reach a market value of $197 billon by the end of 2022 and surpass $250 billon by 2025. This, together with its irresistible allure for ever younger and younger gamers, has contributed to an increase in scams and cyberatacks targeting the platforms and their users alike. A recent poll by ESET Latin America found that one in every three gamers have experienced a scam attempt on a videogaming platform.
One wildly popular gaming platform is Steam and, sadly, not just among gamers. Cybercriminals often use social engineering tactics to hijack other people’s gaming accounts and sensitive information that they can sell in underground forums or use it to carry out scams. Steam’s customer support receives more than 20,000 requests daily that concern security-related problems or come from people who have lost access to their accounts.
In this article, we’ll look at what you can do if your Steam account has been raided by someone else.
What to do if your Steam account has been hacked
When you realize, either thanks to login alerts or due to suspicious account activity, that someone else has accessed your Steam account, the first step is to remain calm.
First of all, change the password to your account – regardless of whether the criminals have already changed it or not. This can be done in the Steam app or here on the Steam website. Doing so will also terminate all current user sessions on all devices, including those you didn’t start yourself.
It’s important to ensure that the new password is not related to your old password and that it is unique and strong. While you’re at it, make sure to avoid these password mistakes.
If you’re unable to regain access to your account (for example, the cybercriminal has modified some of your data), you’ll need to directly contact Steam’s customer support and provide proof of account ownership, as detailed here. Be aware that you may be asked to send payment details previously used to make purchases from the account.
Second, you should review the list of transactions made on the account, such as purchases or sales of content. If you spot a transaction you don’t recognize, you can report it using the same form, as detailed in this Help article.
Third, you should consider what kind of information the criminal may have accessed after breaking into your account. That way, you can take precautions against what may happen in the aftermath of the hack. For example, they may know your full name, contact details and other information that can be used for phishing attempts.
At the same time, if you use the same access credentials to log into another app or online service (which, let’s face it, many people do), you need to change also the access details to these services immediately.
Finally, you should also consider the potential collateral damage that may arise from the hack. Importantly, watch out for the warning signs of identity theft, especially if your personal and payment data has ended up in the wrong hands.
How to secure your Steam account
Changing the password to a strong and unique one (perhaps with the help of a password manager, which can generate such passwords for you) is not the only precaution you should take in order to protect your Steam account going forward.
The platform offers a two-factor authentication system called Steam Guard that adds an extra security layer to your account so that it is not only protected by your password. 2FA is particularly useful when a criminal tries to log into your account from a device that is not yours.
With 2FA enabled, you will receive a one-time code, either via email or the Steam Guard Mobile Authenticator (a feature available in the Steam app), every time you log in from a device that you have not previously marked as “trusted” or that you have not previously used to access your account. It’s also possible to set all devices as untrusted and ask for the access code to be generated and sent to you on every single login attempt, which may help thwart fraudulent login attempts where, for example, somebody else has gained access to your email account.
At any event, is important to look out for messages that purport to come from Steam and phish for your login credentials. This article explains in greater detail what to watch out for in order to avoid falling victim to a phishing attack. Finally, using a trusted security solution that will go a long way towards protecting both your desktop and mobile devices.