Do your codes of the auth app still work? Test with a browser.

Nope, it didn't work, nothing worked, I tried to change my password but it never gave me the confirmation. I never changed my mobile auth to any other phone. So I proceeded to change my password, removed steam auth and enabled it again. I just did that. I contacted steam support. I don't know if they will do anything about this situation.

The code which steam guard generated it didn't work, I had to remove it and re enable it again.

That means someone used auth codes or sms to move auth on another device.

Never login to links, fake sites or buttons. Thats how those things can leak. (Or infected computer)

1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey - This field should be blank

I didn't login to any sites, besides Faceit or ESEA, and also my computer isn't infected. This is more of STEAM low level security, which made my steam account to get hacked. I don't know how steam support will respond to this.

Revoke the API key https://steamcommunity.com/dev/apikey -
This is blank for me, I did deauthorized every device, generated new backup and everything.

I got MCAfee as my antivirus.

To access your account someone needed your
account name,
the password,
the auth code (to remove auth even two or reading an sms)

I have my doubt it happened on steams side, given that they dont know your password in plain text nor hand out the codes.

Originally posted by Laughinbunny:

I got MCAfee as my antivirus.

I would not use that as your antivirus. There are far better alternatives in my opinion.

That aside, if the steam auth was actually compromised then many more accounts with very expensive inventories would have been stolen. Additionally, IF there were a compromise, steam would most likely let users know about it so passwords can be changed just like every other company out there that has been compromised in the past.

I have steam auth as well. I've never been compromised. Same with Gabe himself who gave away his login information and challenged people to break into his account. (He has steam auth, so no one has been able to get into it)

So chances are you logged into a shady place and are now reaping the rewards. Its not a shameful thing to admit either, TONS of people fall for this kind of stuff. Scammers (They aren't hackers, they're just convincing you to trade or give over your login details in some form or another) make tons of money by doing this kind of things not only here but elsewhere as well.

Anyway, take it as a learning opportunity, I wish you the best.

Originally posted by Laughinbunny:

I got MCAfee as my antivirus.

It's probably compromised.

Originally posted by Laughinbunny:

I didn't login to any sites, besides Faceit or ESEA, and also my computer isn't infected. This is more of STEAM low level security, which made my steam account to get hacked. I don't know how steam support will respond to this.

Everyone who gets hijacked always say "I do not login to sites etc."

Accounts are HIJACKED (phished) NOT hacked by giving away your details and confirming the trade by NOT checking details, clicking on a link etc.

You are not the first, you will not be the last as these type of threads are a daily occurrence.

Been here 16+ years, never had my account hijacked. Not a Steam issue.

Originally posted by Laughinbunny:

I got MCAfee as my antivirus.

An anti-virus isn't going to stop you giving away your credentials to a phishing site.

Steam Guard works perfectly as intended. It is an extra security layer and doesn't prevent you from being compromised if you are negligent with your sensitive information. If you don't know the functionality and purpose of 2FA then there isn't much confidence in you being able to secure your account.

I could have state of the art locks for my front door but if I give away my house keys to the local burglar, I can't then blame the security..