So hellsdevils account was hacked.. i checked it out and it seems they found a way to get access on his pc via some trojan (thats what i presume) took the hotmail account, just checked with steam "which account belongs this e-mail" (yes you can actually do that!!) then said "forgot password" and since they had access to his email they where able to change his password. Steam guard was on, so ofcourse they send a e-mail asking if its "ok" to add another pc.. and which they said "ok" to again ofcourse.. and voilla account gone. Now he has to do the hijack recover process with a cd-key and such which should get him back online. But i doubt anything of value is left in the backpack.
I don't think you can, most likely they knew his account name as well. Personally i keep mine very well guarded, nothing to do with my display name. Probably only my brother knows it. That he can get back from steam support, but it's a pain he has to do all of that obviously. I can't emphasize enough people, sign up to gmail and link your steam account to that. Enable steam guard and Gmail 2 step verification ( <a class="postlink" href="http://support.google.com/accounts/bin/answer.py?hl=en&answer=180744" onclick="window.open(this.href);return false;">http://support.google.com/accounts/bin/ ... wer=180744</a> ), then you could give out your steam user name, password, email address and password and people still couldn't hack you. (Although i would not be willing to test this ) NEVER reveal your account name or any other details about your steam account. Even if someone got your password, means squit without the username. NEVER reveal any personally identifiable information. This may lead to "social hacking" (them finding out more information about you through the book of face etc. Keep your payment details PRIVATE. mattie ( <a class="postlink" href="http://steamrep.com/index.php?id=76561197971691194" onclick="window.open(this.href);return false;">http://steamrep.com/index.php?id=76561197971691194</a> ) was hacked this way because someone went to steam with his credit card information and support disabled steam guard and gave the account to the hacker. He lost $1000's worth of unusuals (were all granted back by steam support) but still a pain to go through. If you are uber paranoid then consider getting a separate card and using it only for Steam. Personally I have 2 cards, one I use everyday in shops and such, and one I use for all online transactions, including steam. Aside from the risk of losing your backpack, if they were to get you VAC banned then that is IRREVERSIBLE, Valve don't give 2 hoots if you were hacked. Otherwise every cheater would go to valve and claim they got hacked.
He had a e-mail in hist hotmail (deleted) which said "a query was made to find the steamid matching your hotmail" blabla
couple of bad assumptions to be removed here. - any mail from steam contains the username right on top ( "hello 'username' blah blah" ) - more likely a spoofed site of steam or just lacking a good password on his hotmail. - Gmail isn't much safer, as it can be compromised on way more ways then say yahoo or hotmail. Yes, even with 2-step. Before he starts doing the recovery, he must first make sure he's not having any malware on his PC anymore. otherwise his steam login and any info he provides can be peeked upon.
sorry dont download XXX ther was on the dutch radio samting like an Trojan for Babk passes etc on an ??? site ???
hmm, due the amount of ways the email can be read/forwarded/accessed: - POP3 (no 2-step) - IMAP (no 2-step) - allowing other accounts into your mail (no 2-step) - filters (can be forwarded) once they had access to your mail, you have to thoroughly check all settings and block access.
Just dont allow anything other then 2 steps authentication then but i knw what you mean, those one time things password to let other tools still work will be a security risk.
dont forget that your fail-safe account can be hijacked, and goes around 2-step as well... gmail has just way too much options to get into the mail by a culprit, and a bunch of those dont need 2-step to activate that access. and the default settings are quite lacking to be honest....