Suspicious login data

Hello everyone I was checking my settings in my steam account lately and I found very suspicious login data there. I live in Poland in city called Szczecin it's the state major city. I found out on my steam account that a lot of my login credentials are from other places that the city I live in. I wasn't traveling anywhere outside my home city this year or login on my steam account from other PC. A lot of logins are from small cities lying on the same state that my city is located, but few of them are from big polish cities lying far away from my home. Cities like Gdańsk or Cracow.logins hours are also very odd. I have to add that my steam account have protection. Whenever I want to login from different machine I have to input verification code that is being sent on linked with steam email address. Is my PC or network is compromised? Can anyone can explain it to me? I attach screenshots of logins data from few months.

Change your password is what I recommend.

I've done it on the begging of the year because I've had odd login data before but they all were from few small cities in area. But I've changed it and login credentials are from much more places including big cities far from my state of resident. So conclusion is I've changed password and problem stay I would say iteven expand. My conclusion is I've change password 4, maybe 5 months from now and it not helped.

It could just be bad geolocation of your isp

That is what I thought before changing password when I found out login info from small cities in my states. Then I change password cause I thought it could be just ISP thing. But know I had login credentials from city like Gdańsk(sth300km away from my place) and Cracow (it's literally other side of the country sth like 700+km from my place of stay) after changing place of stay is at least odd. That happens after password change and remember that every login from different machine have to be confirmed by code send to me by email. Im far far away from being it expert, but bypassing that kind of secure have to be hard to do at least.

If they can bypass your 2FA, I have the following suggestions:

1. Your email is compromised.  I list this first because it's easier to check. Go through the security checkup of your email account, making sure nobody else has access to it (check IPs and access) or has changed any important settings (like forwarding, filtering, credentials including passkeys and 2FA methods), making sure you use a good unique password, and enabling 2FA.
2. Check if your steam account has a phone number that is yours.  It seems you can use mobile apps to log into the steam account.  If the attacker was able to set up a persistent way to access your account, they may be able to access the account even if you have changed the password.  I don't know the details about this, though.
3. Your PC is compromised, and there are malware stealing your session cookies.  This allows password + 2FA bypass on some systems.  Fully scan your PC with Windows Defender in Safe mode.  Repeat using MalwareByte.  Log into your steam account from another PC, change password and deauthorize all sessions on your account.  Logout.  Wait and see, not using your steam account, if after doing this, someone is still able to log into your account.  To be absolutely sure, you may have to wipe the PC and reinstall the OS.
4. If you use your steam account on another device, like mobile, you may have to clean it out like your PC.  Your mobiles are easier to backup and reset, so maybe you should just do this.

The widening hack might be because someone is able to sell your credentials to a wider and wider audience, although it's strange/interesting that it's limited to Polish cities.

Edited by Dill2046, 28 June 2024 - 11:34 PM.

Skoor, there's probably nothing sinister going on.

 

Steam uses a geolocation service that takes your IP address and tries to determine where you physically are in the world. Geolocation is notoriously inaccurate -  although it nearly always gets the country right which is what's been happening to you.

 

As a test, I used a couple of online geolocation services and they both placed me in a city 80 miles south of here.

 

I'm guessing that you have a dynamic public IP address (that frequently changes) and that's why Steam thinks you're in different cities.

 

You've changed your password multiple times and have extra security enabled so you've done all you can and you should stop worrying about this.

I was about to mention what Secret-Squirrel says. It could be that the previous user that was assigned the IP address that you are currently using was in a different city, and that's what the geolocation service memorized.  Just to test this theory, compare the same IP log (date, time, city) at a different time to see if the city changed in your log (for the same date and time).

 

Edited by Dominique1, Today, 02:00 AM.