所有討論 > Steam 討論區 > Steam Discussions > 主題細節
此主題已被鎖定
Chaos_enjoyer 2024 年 11 月 30 日 下午 12:43
Something very strange with part of the steam system
Something very strange with part of the steam system


I know how this may sound, but listen.

Nothing unusual
I got hacked using phishing or something, somehow got a mega super secret code from Steam Guard, and sold my inventory items.

Oddities
Based on the account login history, it is clear that I was the last one to log in and out of it, I did not put anything up for sale, letter about the sale of an item arrived in the mail 50 minutes after I logged out of my account.
A few hours later I saw a letter, I began the restoration procedures and logged into my account, looking at the login history it was clear that after me no one entered or exited my account, how could someone sell items without logging into the account?

Multiple users cannot be in the same account at the same time, so it turns out that these sales were carried out by the Steam system without my consent or knowledge?

By the way, just to clarify, after selling my items, someone simply put up some garbage for the required amount and bought it with money from my items,another funny thing is that one of these rubbish purchases was canceled, and they returned the money to me, or rather they put it on hold.
I wrote to support with questions about this,they simply sent a standard letter and closed the request

Has anyone had similar nonsense?
此主題的作者已將一篇留言標為問題解答。
點擊此處前往該留言。
引用自 J4MESOX4D:
引用自 Chaos_enjoyer
引用自 J4MESOX4D
This is a common occurrence when you allow your account to become compromised. Secure it and your device with the following steps:-

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Support didn't close your tickets - the scammers are auto-closing them to prevent you from securing assistance, although any items or money lost this way are not returned.
Okay, maybe they closed the request to technical support, but how can you explain the lack of login and logout from my account in the login history?This cannot be erased or edited.
They likely cloned your session ID. Main thing you should be focused on how you allowed this to happen. Your mobile device could be compromised too.
< >
目前顯示第 1-15 則留言,共 24
J4MESOX4D 2024 年 11 月 30 日 下午 12:50 
This is a common occurrence when you allow your account to become compromised. Secure it and your device with the following steps:-

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Support didn't close your tickets - the scammers are auto-closing them to prevent you from securing assistance, although any items or money lost this way are not returned.
#1
NS Plover 2024 年 11 月 30 日 下午 12:51 
They used your login - have you checked the devices that have logged into your account?
#2
pckirk 2024 年 11 月 30 日 下午 12:51 
You gave your steam credentials out. That is the only way someone can get into your steam account. Steam Account security is the responsibility of the account holder, not steam.

Your account was phished / hijacked. Follow steps 1-6 to secure your account:

1. Scan for malware https://www.malwarebytes.com/

2. Check that the email and phone number on the Steam account are still yours.

3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage

4. Change passwords from a trusted/clean device.

5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage

6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Steam will NOT return lost funds or Items.

https://help.steampowered.com/en/wizard/HelpWithAccount
#3
Chaos_enjoyer 2024 年 11 月 30 日 下午 12:54 
引用自 J4MESOX4D
This is a common occurrence when you allow your account to become compromised. Secure it and your device with the following steps:-

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Support didn't close your tickets - the scammers are auto-closing them to prevent you from securing assistance, although any items or money lost this way are not returned.
Okay, maybe they closed the request to technical support, but how can you explain the lack of login and logout from my account in the login history?This cannot be erased or edited.
#4
Chaos_enjoyer 2024 年 11 月 30 日 下午 12:57 
引用自 pckirk
You gave your steam credentials out. That is the only way someone can get into your steam account. Steam Account security is the responsibility of the account holder, not steam.

Your account was phished / hijacked. Follow steps 1-6 to secure your account:

1. Scan for malware https://www.malwarebytes.com/

2. Check that the email and phone number on the Steam account are still yours.

3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage

4. Change passwords from a trusted/clean device.

5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage

6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Steam will NOT return lost funds or Items.

https://help.steampowered.com/en/wizard/HelpWithAccount
For God's sake, I'm
not asking for help with protecting my account, I screwed up somewhere a couple of years ago and I was hacked, pay attention to the words about the lack of information about logging in and logging out of your account, this cannot be covered up or edited, this is what lies in the steam system itself .
#5
此討論串的作者認為本留言為原主題提供了解答。
J4MESOX4D 2024 年 11 月 30 日 下午 12:57 
引用自 Chaos_enjoyer
引用自 J4MESOX4D
This is a common occurrence when you allow your account to become compromised. Secure it and your device with the following steps:-

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Support didn't close your tickets - the scammers are auto-closing them to prevent you from securing assistance, although any items or money lost this way are not returned.
Okay, maybe they closed the request to technical support, but how can you explain the lack of login and logout from my account in the login history?This cannot be erased or edited.
They likely cloned your session ID. Main thing you should be focused on how you allowed this to happen. Your mobile device could be compromised too.
#6
J4MESOX4D 2024 年 11 月 30 日 下午 12:58 
引用自 Chaos_enjoyer
引用自 pckirk
You gave your steam credentials out. That is the only way someone can get into your steam account. Steam Account security is the responsibility of the account holder, not steam.

Your account was phished / hijacked. Follow steps 1-6 to secure your account:

1. Scan for malware https://www.malwarebytes.com/

2. Check that the email and phone number on the Steam account are still yours.

3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage

4. Change passwords from a trusted/clean device.

5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage

6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Steam will NOT return lost funds or Items.

https://help.steampowered.com/en/wizard/HelpWithAccount
For God's sake, I'm
not asking for help with protecting my account, I screwed up somewhere a couple of years ago and I was hacked, pay attention to the words about the lack of information about logging in and logging out of your account, this cannot be covered up or edited, this is what lies in the steam system itself .
If you were compromised two years ago and you didn't adequately secure your account, the scammers had access the entire time through a reserved session. They only struck when there was a payoff to be had. People can be hijacked for months/years.
#7
Chaos_enjoyer 2024 年 11 月 30 日 下午 1:02 
引用自 J4MESOX4D
引用自 Chaos_enjoyer
Okay, maybe they closed the request to technical support, but how can you explain the lack of login and logout from my account in the login history?This cannot be erased or edited.
They likely cloned your session ID. Main thing you should be focused on how you allowed this to happen. Your mobile device could be compromised too.
never hear about "cloned session ID" Apparently it's time to go to the forest, thanks for info
#8
Chaos_enjoyer 2024 年 11 月 30 日 下午 1:06 
引用自 NS Plover
They used your login - have you checked the devices that have logged into your account?
There's no way to find out
#9
Chaos_enjoyer 2024 年 11 月 30 日 下午 1:11 
I think I got all the answers, but the question is whether it’s worth using steam guard at all. Authorization via mail looks much better.
#10
NS Plover 2024 年 11 月 30 日 下午 1:25 
引用自 Chaos_enjoyer
引用自 NS Plover
They used your login - have you checked the devices that have logged into your account?
There's no way to find out
If you look under your account settings you can see the devices - if you don't recognize one remove it.
#11
NS Plover 2024 年 11 月 30 日 下午 1:33 
引用自 Chaos_enjoyer
I think I got all the answers, but the question is whether it’s worth using steam guard at all. Authorization via mail looks much better.

I think you should always use steam guard - it's not the same thing as the steam app and I think you need it for email notifications.

Whether to use the app really is about what you need. If you need quick market sales - you need it.
#12
Chaos_enjoyer 2024 年 11 月 30 日 下午 1:33 
引用自 NS Plover
引用自 Chaos_enjoyer
There's no way to find out
If you look under your account settings you can see the devices - if you don't recognize one remove it.
There are only my devices there, I guess someone noticed the traces behind them.
And so I changed the passwords, steam guard, logged out of all devices several times, checked the PC for viruses, protected the browser, is this enough or is it better to reinstall Windows through the BIOS?
#13
J4MESOX4D 2024 年 11 月 30 日 下午 1:48 
引用自 Chaos_enjoyer
引用自 NS Plover
If you look under your account settings you can see the devices - if you don't recognize one remove it.
There are only my devices there, I guess someone noticed the traces behind them.
And so I changed the passwords, steam guard, logged out of all devices several times, checked the PC for viruses, protected the browser, is this enough or is it better to reinstall Windows through the BIOS?
No need to reinstall windows as the above steps is enough to ensure your device is clean and your account is secure. You likely got compromised years ago when Steam Guard used codes only, and gave your credentials away to a phishing link. You were then shadow-hijacked without your knowledge and the scammers could just sit idle until there was a payoff to be had.

Steam Guard is much more secure now - mail is still viable as long as you don't infect your PC with targeting malware but mobile guard is also stronger because of the one-touch login confirmation.
#14
NS Plover 2024 年 11 月 30 日 下午 1:53 
引用自 Chaos_enjoyer
引用自 NS Plover
If you look under your account settings you can see the devices - if you don't recognize one remove it.
There are only my devices there, I guess someone noticed the traces behind them.
And so I changed the passwords, steam guard, logged out of all devices several times, checked the PC for viruses, protected the browser, is this enough or is it better to reinstall Windows through the BIOS?


I'm not an expert - some of the previous post have suggested a list of standard things.

If it were me - I'd follow the instructions to reclaim my steam account - and then I would copy all files I cared about onto a usb drive and reinstall windows. I would disable use of the app in case my phone had the problem. I would connect to email and change my password. I would give my device a different name and when logging into steam I would remove any device that wasn't that name.

But maybe I'm a bit extreme...
最後修改者:NS Plover; 2024 年 11 月 30 日 下午 1:58
#15
< >
目前顯示第 1-15 則留言,共 24
每頁顯示: 1530 50

所有討論 > Steam 討論區 > Steam Discussions > 主題細節
張貼日期: 2024 年 11 月 30 日 下午 12:43
回覆: 24
開始新的討論串

討論區規矩與守則