Steam Password Change Day
Steam Guard notification of a login attempt from a French IP. That password was 9 days old, 30 random, reasonably high entropy characters long.
Valve seriously needs to fix their InfoSec stance. Brute force attacks should not be this easy, nor should they leak so much information about how successful they are and/or associated email addresses and 2FA info.
It's 2018, how can you trust a digital store that doesn't rate limit login attempts and leaks like a sieve?
Steam Password Change Day
Three nearly simultaneous Steam Guard notifications of login attempts from Russia, Mozambique, and the Canton of Geneva. That password was less than 24 hours old, 42 characters, high entropy.
In what fucking real world scenario would a person be trying to login to the same account from IP Addresses in Russia, Mozambique, and the Canton of Geneva at the same time? It might be an interesting spy drama to read, I guess?
Weirder than Usual Steam Password Change Day
Email address associated with account seems to still be correct, and inventory seems untouched.
That previous password was 64 characters and lasted not even a week.