Yea yea, all of you have a lil % of truth.
Than explain me, whats the point of steam guard,steam app on phone which is totally bugged and works like an 90 years old wh0re? As i figured out, by logging with web on steam community, there is option to send a message to all of people on my friend list. By steam pc app i couldnt find such an option. I did a scan also on my phone, there is nothing. In my head rings only one thing about other place i could log like 8-10 years ago, where there was an popular site of beting skins.. propably thats point where the data of accounts could be compromised..
Still you didnt answer me on my question, where can i report to steam this situation to avoid being blocked or just ask them for an action from their side in this case ( if they even care)?

Originally posted by ragefifty50:

the first line... they got a dm on disc....

I got a dm from my fridn telling me that they were getting these messages from me on their steam, sorry i dont think i worded that correctly lol, my discord is fine

Originally posted by hs:

Originally posted by ragefifty50:

the first line... they got a dm on disc....

I got a dm from my fridn telling me that they were getting these messages from me on their steam, sorry i dont think i worded that correctly lol, my discord is fine

thats ok.... stay safe...

report the scammers

1. Why do people log in on the website instead of logging in directly to the Steam client which is alread DL'ed on their phone or PC?

2. Since Steam forces 2FA on us, how could somebody's Steam account get hijacked without the hacker also having control of their email (i.e. being able to get the code Steam sends)?

Originally posted by JNR ツ:

Yea yea, all of you have a lil % of truth.
Than explain me, whats the point of steam guard,steam app on phone which is totally bugged and works like an 90 years old wh0re?

Any kind of lock becomes useless when the keys are given away.

Originally posted by JNR ツ:

Still you didnt answer me on my question, where can i report to steam this situation

You can't. Account security is a personal matter and us users are responsible for anything that happens to our account. You won't be able to use this as some kind of excuse.

Originally posted by Kenpoleon Bonaparte:

2. Since Steam forces 2FA on us, how could somebody's Steam account get hijacked without the hacker also having control of their email (i.e. being able to get the code Steam sends)?

Because those sites ask for authenticator codes as well. Once you give them all the information they have a bot at the ready that makes itself comfortable in your account. What happens then depends on which type of scam it is exactly, though eventually it almost always leads down to the account getting taken over.

They can sit idly on the account for a long time. That's why many people claim the scam sites they advertised are supposedly safe. They logged in a long time ago, and they fail to see the connection after such a long time.

Originally posted by Kenpoleon Bonaparte:

2. Since Steam forces 2FA on us, how could somebody's Steam account get hijacked without the hacker also having control of their email (i.e. being able to get the code Steam sends)?

If you give away your login name, password and auth code to a phishing login, then these are captured and login-botted into a client and the user is instantly hijacked (NOT hacked)

2FA doesn't mean your account is magically protected and can never be compromised - it's just an extra security layer.

Originally posted by J4MESOX4D:

2FA doesn't mean your account is magically protected and can never be compromised - it's just an extra security layer.

... and people seriously need to stop believing this ♥♥♥♥♥♥♥♥. Yeah, I get it, it's a simple answer. Wrong, but simple, and simple minds love simple answers.
Don't change the fact that this is wrong and constantly get people into trouble.

Originally posted by Unn4m3d (♥AUT♥):

Because those sites ask for authenticator codes as well. Once you give them all the information...

Originally posted by J4MESOX4D:

If you give away your login name, password and auth code to a phishing login...

So this all goes back to the age-old common-sense basic security rules of never using the same username or password twice, and never clicking on a strange link. If these rules had been followed, his account wouldn't be hijacked right now. Right?

Originally posted by ReBoot:

Originally posted by J4MESOX4D:

2FA doesn't mean your account is magically protected and can never be compromised - it's just an extra security layer.

... and people seriously need to stop believing this ♥♥♥♥♥♥♥♥. Yeah, I get it, it's a simple answer. Wrong, but simple, and simple minds love simple answers.
Don't change the fact that this is wrong and constantly get people into trouble.

What's wrong about it? Not sure here if you're agreeing or disagreeing with what he said.

Originally posted by Kenpoleon Bonaparte:

Originally posted by Unn4m3d (♥AUT♥):

Because those sites ask for authenticator codes as well. Once you give them all the information...

Originally posted by J4MESOX4D:

If you give away your login name, password and auth code to a phishing login...

So this all goes back to the age-old common-sense basic security rules of never using the same username or password twice, and never clicking on a strange link. If these rules had been followed, his account wouldn't be hijacked right now. Right?

Common sense will always apply but people who don't understand the working concept of 2FA seem to think that it's a magical aspect that will protect their account until the end of time which is why they behave carelessly in using 3rd party sites.

2FA is primarily a fall-back so if your login name and password are captured then the hijackers still need a live auth code which is a lottery jackpot guess in normal terms but when users just give away all fields to a phishing-capture login then it renders every credential worthless.

Originally posted by J4MESOX4D:

...but when users just give away all fields to a phishing-capture login then it renders every credential worthless.

Got it. Thanks for the explanation.

Mine sent this: Get $50 to steam balance (LINK REMOVED)

I was out of town and my friend clicked it and said he's locked outa his acct. He's working on getting it back. that's the exact message it sent. i logged outa all devices and logged back into my phone and PC

Originally posted by Average_Fella:

Mine sent this: Get $50 to steam balance {REDACTED!}

I was out of town and my friend clicked it and said he's locked outa his acct. He's working on getting it back. that's the exact message it sent. i logged outa all devices and logged back into my phone and PC

Why on Earth would you post a malicious link on the forums?

Originally posted by hs:

I recently got a dm on disc asking if i got hacked on steam, I went over to check and saw nothing out of the usual but when I went to my Steam DMS, I saw there was one link that was sent saying "sup, gift steam $50 balance for you, just claim it" with a link of a supposedly link telling him to redeem it. But I hadnt sent it, so was I hacked? I have steamguard up and malwarebytes but nothing is showing. Can i get some help

ya, I keep getting random chats from people telling me to claim 50 dollar cards. I keep trying to report them but it keeps happening from the same person