My belief is that this is a canary in the coal mine. We know that password systems don't work in the long run. There's been lots of reasons to get people away from passwords for day-to-day things. Some canaries are going to die sooner than others, and I have some ideas why this particular canary of mine died early. There are other complaints out there about Steam specifically of hacked accounts where passwords were "guessed" and then email accessed. Additionally, I have a pretty good idea of why, for what I think to be very dumb reasons, my account is a particularly well known to be "high value" account (going back to the parent comment way above that depending on how you value it, my Steam account is worth more than the PC I connect to it with). Steam itself is also in the weird "entertainment" place where it has bank-like features, but not quite the same pressure to have bank-like security (because it's just "games" and "hats"). The article here itself points to things likely written prior to 2012 that are still in active use today in Steam's login path (whether or not you believe age/tech debt implies "broken" most banks have upgraded their login systems likely four or five times since).

(My account is one of the oldest accounts on the platform, predating Half-Life 2's launch, and originally accessed via dial up internet. It has several now rare collections of games and at least a couple now "impossible to buy" games. Most critically to it being "well known" to have such value, it has several of the most rare/valuable "TF2 hats", which I think is incredibly dumb and that the marketplace is a huge gambling mistake, and those were known at the time when all Steam inventories were public [oh, the spam and phishing attempts that generated back when that was public and easily accessible]. My limited regard for the marketplace and limited use of it would make it somewhat obvious if I had "sold them" in the time since inventories allowed going private.)

As for a keylogger, specifically, I would go insane if I ever had to type 50+ character passwords. The keys you will log are Ctrl and V. Sure that opens up questions to clipboard logging and/or Password Manager incursion, but as I mentioned above, I have enough reason to suggest the threat isn't that sophisticated (in part because it is just "games" and "hats"), and paranoid circumvention in place already (even beyond the ones mentioned specifically in the above comment).