Doesn't look like a phishing attack to me. Looks like someone knows your steam password and is trying to get in. Change that password and check out https://haveibeenpwned.com/ to see which breaches you're in. Stop reusing passwords and get a password manager.
That would be phishing, yes. Password's probably picked from an old breach.
You can check the breaches an email is in on Have I Been Pwned.
You should probably change your passwords on sites where you've reused that one.
My Company got a TON of these over the weekend.
They seem to be fairly common. When we tried to analyze in a sandbox (app.any.run) we couldnt get the page to load.
It looks like this is going to be the new hot thing for a while, I was already able to create a email security filter for it.
Hey man, happy new year to you, too.
as long as you didn't type your password in somewhere, there is no problem.
To the million passwords stored on your computer: Where do you store them?
In case they are in a text file of some sort or some other form that is not made to store a password you should fix that.
I would recommend you for example like KeePass (https://keepass.info/) which is a password manager where your passwords will be encrypted with you master password (make it a safe one, should be 12+ upper and lower case characters with numbers and special characters that you can remember well. For example !LazyFrog_2077
Here is a website that makes reading the email headers a lot easier. Just copy and paste them in there and it'll break out all the parts
But the contacts that were sent the emails are completely unrelated to each other. For instance family members that have never met or talked to some of her friends.
Using https://haveibeenpwned.com/ tells me there has been no hack though.