Following up, just to be safe I would recommend de-authorizing all devices: https://store.steampowered.com/twofactor/manage

deleting all your API keys: https://steamcommunity.com/dev/apikey

deleting cookies in the web browser that was used

checking your logs and reaching out to anyone affected and warning them: https://help.steampowered.com/en/accountdata/GetFriendMessagesLog

This is a serious security vulnerability on Steam's part but I am so sorry for any trouble caused. Please contact me if any further information is needed,

Hey so if you got a link from me I hope you ignored it.

Someone sent me a link and had me "vote for [their] team" and the site used what appeared to be a valid steam SSO method (oauth) which had a valid SSL certificate.

Despite this and the fact that Oauth should only provide public information, a web API key showed up on my account and several people were sent fake messages from my account that contained the same suspicious link.

I have since de-authorized my account access on all devices, cleared all site cookies, and deleted that API key.

This is a serious security vulnerability on Steam's part but I am so sorry for any trouble caused. Please contact me if any further information is needed,

+rep nice friend....

haha, ya, changed my name ;)

shure :)

NO.