Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Scan for malware. https://www.malwarebytes.com/
Deauthorize all devices https://store.steampowered.com/twofactor/manage
Change your password on a secure device.
Generate new back up codes. https://store.steampowered.com/twofactor/manage
Revoke the api key https://steamcommunity.com/dev/apikey
The scam you're talking about sounds like one that uses a fake page that looks like a real "sign in through Steam" page. That fake page is used to make people think they're signing into their Steam account on the Steam site...except it's actually a fake browser window, complete with address bar and security symbol to look real.
Well I guess there is merit to the "don't even click on it" advice.
I was wondering whether there was some sort of password autofill going on, given that that's a very common browser feature these days that generally defaults to on...
The fact that it also bypasses the nag screen letting you know you are leaving Steam is another issue.
But the exploit was out of scope for the bounty program because it was considered social engineering.
Hopefully the mobile app update, when it ever releases, will have this somehow patched. In ValveTime.
The added security app with steam guard and stuff? The two factor app?
Leaks login details if you click a link, as if it wasnt 2fa?
For 3 years?
As i said, people with the app are targets, email auth was safer.
But surely after they get told about it, they will just add another "do this to keep the safety app safe",
dont click links.
So far we know "dont login, dont agree to trades someone changed on your behalf unknowingly to you without indication, dont click links". Then you are safe with the auth app....... well, or without it to be honest.