Today was a bad day, after having someone back into my car at 30 miles an hour this morning I was a little distracted. So when a friend sent me a link to what I thought was a steam community page I didn't have any hesitation in logging in. Then I realized that friend had no idea what the link was and thought his account had been stolen, then I took a second to check out the site and realized the domain (valvecommunity.co.cc) was not affiliated with Valve in anyway. The page was brilliant in that it looked like the steam page in every single way. It had the same ads, the same store page with moving pictures and up to date info, I honestly think you could get as far as giving them your credit info, to buy a game before it would reveal its hand.
So i've since taken all the normal last ditch efforts to keep my account from getting stolen, changed my password, run a couple virus/phisher checks. I've hesitated to send in a support ticket yet since nothing on my account has really changed yet, but when it does I will. But I have a question...
I changed my password, but obviously that isn't enough, but I can't understand why, they can't log me out of my account because I know the password and any further changes would have to be verfied through my email address, which also can't be changed without verifying through that same email. What does using my password do for them?
Edit: I know this seems like a steam forums question, but im just generally curious and I'd rather not fiddle with any steam related logins right now.
Log in to comment