Steam Password Change Day Show more
Steam Guard notification of a login attempt from a French IP. That password was 9 days old, 30 random, reasonably high entropy characters long.
Valve seriously needs to fix their InfoSec stance. Brute force attacks should not be this easy, nor should they leak so much information about how successful they are and/or associated email addresses and 2FA info.
It's 2018, how can you trust a digital store that doesn't rate limit login attempts and leaks like a sieve?