On email as well?
If yes then that indicates it is likely to be a man in the middle attack by someone with RDP access and a keylogger. However this scenario is unlikely as its a sophisticated attack which wouldn't go after a steam account. The attacker would be looking for crypto currency wallets and banking details.
If no then email is the weak link in the chain and leaves various attack vectors such as weak credentials, phishing, keylogger, RAT, RDP, etc or a mixture of all.