I still sometimes wonder if anyone knows a way to get to a non-victim blaming Security person at Steam. A trivial! GitHub search seems to turn up the OpSec leaks these botnets are using (unauthenticated REST API that leaks for 2FA accounts whether password attempts succeed, that 2FA is setup, downgrades 2FA to email-based regardless of 2FA settings, may leak email details as well, and appears to have bare to no throttling). This is years of frustration at what seems a clear Steam problem.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!