Fuck me sideways. So, recently someone tried resetting my Steam password. I first thought this was some random attempt by some random guy on the internet, these things happen after all, right? However, this kind of thing has only happened once to me before and back then it was someone I had some kind of connection to (a guy using a machine where I had logged into my Steam account once). After several minutes it slapped me in the face: my stolen laptop! A year ago my laptop was stolen during a break-in. Now, sure, what are the odds that it found a new owner without anyone cleaning it first? But, well, there was this "laptop in Iran" story, so these things seem to happen. And what are the odds that someone only tried this kind of thing a year after my laptop had been stolen? Well, who knows, maybe it just took a while to find a buyer or something. But still, I wanted to be sure, at least so I don't have to go through the horror of knowing that someone may be going through my most personal stuff again.
So I asked Steam support whether they could provide ANY additional data about whoever sent the password reset request like the operating system, the system language, the version of the Steam client, maybe something about the hardware - something that would help me determine whether it could indeed be my laptop. And after all, who knows what kind of data the Steam client transmits when someone requests a new password. Again, a long shot, but I tried. After four days I got this reply:
"We apologize for the delay.
Now, I wasn't too surprised that I got a negative answer but frankly this answer still kinda blows my mind because:
1. This would have been the kind of information that I need to determine whether this is a situation that may require legal steps or whether it's worth getting an attorney involved - that makes it a crazy vicious cycle. Plus I don't really know what kind of information they have. Now, let's assume that I paid an attorney to do some magic and force them to reveal everything they have - in the end it may turn out that for technical reasons they are not even able to provide the information I need and all of this would just have been a waste of my time and money.
2. They talk about account information but... wait a minute! They gave me the IP address of the person trying to gain access when the request was made, so sharing THAT information which happens to be "Personally Identifiable Information" (as it is called in their privacy agreement
) is okay but they cannot give me a few random facts like the client's version number? What the hell?! Plus it's MY account and I've confirmed that! They will provide some contractor with this information but not me? The hell is going on here?!
Anyway, I can't blame the support dude assigned to the issue - frankly the delay makes me assume that someone has actually checked whether they could give me something. Still, the thing pisses me off, particularly due to the lack of logic. After all, they DID give me the IP address when the request was made... now they could give me a little friggin' SOMETHING that isn't quite as sensitive, right?
And don't get me wrong. I'm still aware that this was most likely some random attempt by some random dude or by someone who got my account name through other means but still... I just want a little certainty.