安装 Steam
登录
|
语言
繁體中文(繁体中文)
日本語(日语)
한국어(韩语)
ไทย(泰语)
български(保加利亚语)
Čeština(捷克语)
Dansk(丹麦语)
Deutsch(德语)
English(英语)
Español-España(西班牙语 - 西班牙)
Español - Latinoamérica(西班牙语 - 拉丁美洲)
Ελληνικά(希腊语)
Français(法语)
Italiano(意大利语)
Bahasa Indonesia(印度尼西亚语)
Magyar(匈牙利语)
Nederlands(荷兰语)
Norsk(挪威语)
Polski(波兰语)
Português(葡萄牙语 - 葡萄牙)
Português-Brasil(葡萄牙语 - 巴西)
Română(罗马尼亚语)
Русский(俄语)
Suomi(芬兰语)
Svenska(瑞典语)
Türkçe(土耳其语)
Tiếng Việt(越南语)
Українська(乌克兰语)
报告翻译问题
讨论规则及指引
举报此帖
Your account is compromised.
Scan for malware. https://www.malwarebytes.com/
Deauthorize all devices https://store.steampowered.com/twofactor/manage
Change your password on a secure device.
Generate new back up codes. https://store.steampowered.com/twofactor/manage
Revoke the api key https://steamcommunity.com/dev/apikey
Also, read up on the API scam...
https://www.reddit.com/r/GlobalOffensiveTrade/comments/a5t6kc/psa_huge_csgo_youtuber_fell_for_the_fake_site/
https://forums.steamrep.com/pages/hijacking/
I deauthorized already.
I changed my password and reclaimed my steam mobile authenticator.
I revoked the api key.
But how did he get my auth code to enter the account in the first place?
And how did i not get the steam sms to change my authenticator?
You gave away your... ugh... Did you read my entire reply?
Also: that support follows the item restoration policy in your case (as in others) doesn’t make ‘em useless.
How did he manage to change the app from being on MY phone on HIS phone instead.
I suggest that you deauthorize all steam logins once in a while and check for suspicious activity on the mobile app asking you to confirm anything that you're not aware of.
Read the last 2 links i posted for more info on the api scam.
Valve should take those steps?
Other than that, no one traded me anything recently and I haven't made any trades in the past month.So the Api scam kinda doesn't apply here.
Steam has a "Sign in through Steam" feature where you can pass your public account info to a thrd-party website. Legit third-party websites will use this so they can associate your account there with your Steam profile. But, websites don't need to be legit to have a button that says "Sign in through Steam". In fact, you can make webpages that look like pretty much anything these days.
So, now, this hypothetical website has a "Sign in through Steam" button. What happens when you click it? The site produces a new window with a "Sign in through Steam" prompt, that lets you sign in with Steam. ...well, actually, it's not a new window. It's a frame within that same webpage, but skinned to look like a new window, based on reading your browser's "useragent" string (which tells sites what browser you're using).
Also, suspiciously, it asks for you to put your Steam username and password. This would be suspicious if you were already logged into Steam in that browser of yours, because "Sign in through Steam". But since a lot of people use Steam's (crappy, IMO) built-in browser to browse Steam, they might not catch this, since even a legit "Sign in through Steam" would ask them for their username and password too.
So let's say you put in your username and password. It's not a real Sign in through Steam page, so what happens is that the website captures both, and then passes it to another computer that really is signing in on Steam. It inputs both and attempts to sign in. Now, Steam needs a mobile auth code, right? So, Steam asks that computer for a mobile auth code...and that computer tells the website to ask you for your mobile auth code...as part of that fake "Sign in through Steam" page.
You need to work out how this happened and how you allowed other things to occur. We've given you the basis but you need to work out how severely compromised you were and possibly still are in regards to other devices.