Imagine this: you’re playing your favorite Steam game when, out of nowhere, you’re popped out of the game and back to your desktop. You attempt to log back in while thinking to yourself, “It was just a bug.” Right? No such luck. You’re faced with a Steam login screen. You try to log in, and again, no dice. You try two more times; both login attempts fail on the spot. What gives?
So you check your public Steam profile, and what you find makes your heart sink into your feet. Your profile looks different, there’s clearly been some activity on the account that you never authorized, and even your friend list has new faces on it — faces you don’t recognize.
This is the plight of an account hack. If it’s happening to you, don’t fret, you’re not alone. Such attacks are a constant threat to Facebook, Twitter, and Instagram accounts, and it can feel just as disastrous to lose your Steam account — especially if you’ve sunk hundreds or thousands of hours (and dollars) into it. It is as likely to become the target of phishing schemes and other invasive maneuvers by malicious actors as the other platforms mentioned earlier.
How to recover a hacked Steam account
Valve has established several safeguards against Steam account thieves, but your mileage may vary. If you have zero access to your account whatsoever, your best bet is to go directly to Steam Support and begin working with them to get your account back. You’ll need to provide proof of account ownership, but Valve also suggests having other information on-hand, such as past email addresses and login credentials (previous usernames and passwords can help, especially if the hacker changed your account’s username).
There’s also an unofficial Wiki page on Reddit that offers up-to-date tips and tricks on recovering your Steam account and keeping it safe. In any case, you should do the following:
Use an antivirus tool to track down and clear any malware you may have on your computer. Don’t worry too much about the specific tool you choose at the moment; Avast or BitDefender work well, despite some of the controversies surrounding both Avast and BitDefender. Both services offer free trials that you can cancel when you’re finished with this procedure.
Reset your email address-associated passwords and make sure your other accounts are safe and secure. It’s a good idea to generate new, never-before used passwords that include several words and at least one special character.
Lock your Steam account remotely. This can be done from any email address associated with your Steam account. More instructions can be found on the official support page.
Gather any proof of account ownership. This includes CD keys, Steam gift cards, Paysafecards, PayPal account information, credit cards, or debit cards that have been associated with purchases on the account in question.
Begin the official account recovery process with the help of Steam Support from this link.
How to defend against Steam account hijacking
It’s impossible to entirely prevent phishing schemes and other forms of malicious activity that could put your account security at risk. However, there are several ways to be vigilant and proactively stop a hacker from gaining unauthorized access to your account(s).
Your first line of defense against account hacking is your own set of eyes and ears. If you receive an email that looks fishy, such as a claim from Valve that says something ridiculous or alarming but requires you to click on a link and type your login credentials onto a webpage — exit out of your browser immediately, scan your system for malware, and circle back and flag that email as a phishing scam. You can also quickly and easily identify whether a website is legitimate by looking at the URL bar. If the URL bar shows a locked lock pad and “https://” in front of the URL address, you’re looking at a real website and can breathe a sigh of relief.
Regardless, no Steam administrator has any reason to ask you for login credentials in an email or anywhere else on the internet. If someone claims to be a Steam admin but is asking you for confidential information, you should immediately ignore them and flag the message as a phishing attempt.
It’s also important to ensure that your Steam account is as secure as possible. Steam itself has a few security options through SteamGuard, which you should toggle on in your Steam account settings. Once that’s activated, you will want to provide as much information and enable as many of the following backup options as possible:
Email Two-Factor Authentication