This topic has been locked
Jayden Jan 12, 2023 @ 4:53pm
a hacker breached my steam account which has 2FA mobile
i almost got hacked by a hacker today, but i wonder how they can breach my security?? i'm pretty sure 2FA would protect me. Can anyone explain this??

nb: i'm extremely sure i didn't click any sus site or give out any code things
Last edited by Jayden; Jan 12, 2023 @ 5:22pm

Showing 1-15 of 21 comments
Chill-Out-Zone Jan 12, 2023 @ 4:55pm 
He can't.
Boblin the Goblin Jan 12, 2023 @ 4:55pm 
Going to a trading site off Steam and logging into your account from there is the most common way.
Chill-Out-Zone Jan 12, 2023 @ 4:56pm 
2FA makes different random numbers. It's impossible to know next numbers. It's like a bank ID.
MoonC A T Jan 12, 2023 @ 4:59pm 
Originally posted by Chill-Out-Zone:
2FA makes different random numbers. It's impossible to know next numbers. It's like a bank ID.
2FA is compromised once given away when logging into scam 3rd party sites.
Jayden Jan 12, 2023 @ 5:01pm 
there were random discord people who showed my profile and said "this is your steam?" and i thought he would add me as friend and said "yes". but they ♥♥♥♥♥♥♥ deleted their messages quickly to cover their tracks. i wonder how he could have hacked me after 2 min.
Jayden Jan 12, 2023 @ 5:02pm 
Originally posted by Jayden:
there were random discord people who showed my profile and said "this is your steam?" and i thought he would add me as friend and said "yes". but they ♥♥♥♥♥♥♥ deleted their messages quickly to cover their tracks. i wonder how he could have hacked me after 2 min.
i'm pretty sure i didn't click any link or give any code things
Last edited by Jayden; Jan 12, 2023 @ 5:03pm
KalGimpa Jan 12, 2023 @ 5:04pm 
sorry this happened, partner.

use these steps, put together over the years by users smarter than i am, as needed

if you do not have access to your account

Account Recovery
Make sure you are completely logged out of Steam before you start the recovery process



https://help.steampowered.com/en/wizard/HelpWithAccountStolen

https://support.steampowered.com/kb_article.php?ref=2347-qdfn-4366

you don't need access to the email, phone number or password tied to the account for this to work.
Just pick the "i forgot my password" and then "I no longer have access..." options when asked.

----------------------------------------------------------------

if you still have access to your account
(or after getting your account back, or just to be safe)

make sure to do all of these


DO NOT TRADE
many scams try and scare you into trading your items and they get hijacked

1. Scan for malware https://www.malwarebytes.com/

2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage

3. Change passwords from a trusted/clean computer.

4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage

5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

----------------------------------------------

the thing to remember is

nobody capable of hacking steam is going to waste it messing with your account

they will get in, scrape the site of all the truly useful, money making info and leave as quietly as they can and sell it

what happened to you was more than likely phishing. somewhere along the lines

people either log into one of these sites that offer free stuff or trading

log into a page thinking it is a steam page, usually by clicking a link from a shady source

they gave their info to someone they thought was steam because of a scam

it is that or you had/have some kind of virus on your system. this is much less likely as phishing is the number one way that people are stealing accounts these days

Last edited by KalGimpa; Jan 12, 2023 @ 5:06pm
Jayden Jan 12, 2023 @ 5:07pm 
thank you mate, i'll try those later.
anyway, can u explain my question before? i really wanna know about it

and i'm pretty sure i didn't click any link or give any codes
Last edited by Jayden; Jan 12, 2023 @ 5:08pm
Aachen Jan 12, 2023 @ 5:11pm 
Don’t wait around to secure your account if it is potentially still compromised.
Last edited by Aachen; Jan 12, 2023 @ 5:11pm
KalGimpa Jan 12, 2023 @ 5:13pm 
Originally posted by Jayden:
thank you mate, i'll try those later.
anyway, can u explain my question before? i really wanna know about it

and i'm pretty sure i didn't click any link or give any codes


if you have the steam guard on, you must have given it away somewhere.

that is really the only logical choice

otherwise, there would be so many posts about steam being hacked.

it blows, but think hard

where do you log in to steam: web browser, client, both?

do you do any trading? if so, where?

have you gotten any phishy emails, requests that at the time may not have seemed phishy but now, after some thought, are?

like i said, phishing is the number 1 way that people are losing their accounts.

not just on steam, but everywhere.

it is just much easier to trick someone into giving their info out than to create and use a program that can break security
MoonC A T Jan 12, 2023 @ 5:19pm 
How the fraudster actually accesses the account with 2FA enabled:

You attempt to login to one of these fake sites, under the impression that you're visiting the real deal.

Usually when you interact in any way with the fake site you'll be prompted to login by an extremely convincing popup. It looks identical to a Windows browser window.

If you enter your credentials, these aren't being passed directly to Steam. The username and password will be sent to a server of some kind where they will automatically login themselves with the credentials provided.

If you provide incorrect information, the server will pass that back to you and show you Steam's invalid details error message.

If you provide the correct information, the server then gets asked for your mobile authenticator code, and the server then passes back to you a second dialog asking for your code. If you then give a code, the server uses that code to successfully log in to your Steam account.
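Added example, not part of any post in this thread: why a code typed into the wrong page is still good when someone else submits it, as the post above describes. It uses generic RFC 6238 TOTP as a stand-in (Steam Guard's own algorithm is not given in the thread) and a simplified HMAC-based origin-bound response for contrast; the secret, timestamps, challenge and lookalike origin are constructed.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on secret and time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def service_accepts_code(secret: bytes, code: str, now: int) -> bool:
    """Strict single-window check; nothing here says where the code was typed."""
    return hmac.compare_digest(totp(secret, now), code)

def origin_bound_response(key: bytes, challenge: bytes, origin: str) -> bytes:
    """Simplified stand-in for an origin-bound authenticator (HMAC instead of
    a public-key signature): the response covers the origin the browser is on."""
    return hmac.new(key, challenge + b"|" + origin.encode(), hashlib.sha256).digest()

def service_accepts_response(key: bytes, challenge: bytes, response: bytes,
                             real_origin: str = "https://steamcommunity.com") -> bool:
    expected = origin_bound_response(key, challenge, real_origin)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    secret = b"12345678901234567890"      # RFC 6238 test secret, not a real one
    typed_at = 1111111090                 # constructed: user reads code off phone
    code = totp(secret, typed_at)
    challenge = b"constructed-login-challenge"
    fake = "https://login.lookalike.example"   # constructed lookalike origin
    return {
        # Same 30 s window, submitted by someone else 19 s later: accepted.
        "code_relayed_in_window": service_accepts_code(secret, code, 1111111109),
        # Two seconds after that the window has rolled over: rejected.
        "code_after_window": service_accepts_code(secret, code, 1111111111),
        # Response computed on the lookalike page does not verify.
        "bound_from_lookalike": service_accepts_response(
            secret, challenge, origin_bound_response(secret, challenge, fake)),
        "bound_from_real_site": service_accepts_response(
            secret, challenge,
            origin_bound_response(secret, challenge, "https://steamcommunity.com")),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

The time-based code verifies for whoever submits it inside the window, while the origin-bound response only verifies when it was produced on the real site.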
Satoru Jan 12, 2023 @ 5:20pm 
2FA doesn't protect against phishing attacks

Don't log into shady websites for 'free' stuff.
J4MESOX4D Jan 12, 2023 @ 5:28pm 
The only way for an account to become compromised is if you give away your entire credential set to a phishing window or it is captured by malware. In both instances, these are instantly login-botted into a real client and your account is shadow hijacked. There are no 'hackers' and the chances of someone entering an auth code correctly within 30 seconds after already securing your credentials somehow is greater than winning a lottery jackpot.

Either you gave away your credentials to a malicious link or you have harmful material on a device your account has used. 2FA is just an extra security layer - it cannot protect if you give away the codes the same way a door lock is useless if you give a thief the keys.
ShelLuser Jan 12, 2023 @ 5:56pm 
Originally posted by Jayden:
anyway, can u explain my question before? i really wanna know about it

and im pretty sure didnt click any link or give any codes
Keep in mind that scammers don't necessarily strike right away. Once an account has been taken over they more often than not wait several months before they start their spiel, this also helps you to completely forget about the moment when things turned sour.

Worse yet: there are websites which actually rotate between a legit Steam login feature and a fake one, so you wouldn't be the wiser anyway. Generally speaking: if you use your Steam account to log onto websites other than Steam you're taking a risk.

The only way to make sure that this doesn't happen is to make sure you're always logged into Steam first. Because if you were then any website which asks for your Steam account/password is a fake one.
The author of this thread has indicated that this post answers the original topic.
Hammer Of Evil Jan 12, 2023 @ 5:56pm 
people believe 2FA and SteamGuard are this invincible force field vs all attacks, well no. your mind can still be attacked directly with tricks, scams and other things like faked websites, malware, etc.

if you give permission to an attacker, there's nothing anyone can do; not even hackerman can protect you.

you have to steel your mind against random people. don't trust random people. the things they say are not to be believed, until you can test the data for yourself.

Date Posted: Jan 12, 2023 @ 4:53pm
Posts: 21