Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Discussions Rules and Guidelines
Report this post
What does this URL tell you: https://steamcommunity.com/dev/apikey
... most likely you'll find one or more entries in there; that shouldn't be the case. Thing is: such API keys don't get there on their own.
Most likely through phishing, as ShelLuser already said.
Have you secured your account in the meantime?
I haven't visited any site at all or log in with this account anywhere. This account is used only on 2 computers which is my main Desktop and my Laptop. That's it. I don't gamble or go to sites that promise "free stuff", "giveaways" or anything like that. Also, what's that link? It says to register my API which I don't really know what's that to be honest.
I did change the password and deactivate and activate the Steam mobile guard again but that's all I can really do..
Take the following steps to secure your account:
1. Scan for malware. https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage
4. Change passwords from a clean computer.
5. Generate new backup codes for your Mobile App. https://store.steampowered.com/twofactor/manage
6. Revoke the API key (there should be no key). https://steamcommunity.com/dev/apikey
Do not trade until your account is secured.
Disabling and re-enabling Steam Guard was a bad idea:
The Steam API key; Steam provides an API that allows you to access your account data from a remote location through use of the API. Of course such requests need to be authenticated, which is where the API key comes in.
Normally you don't need this, but scammers and phishers use this method to gain "background access" to accounts. So you try logging into a scam site, then they use that data to log into Steam using your account and place the API key.
However... I overlooked something in your original post: an API key wouldn't have given them access to also authorize trades. That only happens if you have full access to an account. Since I'm quite sure there's nothing wrong with Steam's line of security measures you really need to triple check yours.
Thank you for the help.
1. I do have Malwarebytes installed both on the computer and the browser itself.
2. Email and phone number are still the same.
3. I did that earlier today but will do it once again.
4. I did that about an hour ago.
5. Will do this.
6. There isn't any key.
The only thing I can think of is the "KMSpico" on my computers. That's the only "pirated" thing that I use to activate the Windows. Everything except that is either payed or free version of the product. However, I use KMSpico for over 10 years and never had any problem with any of my accounts anywhere on the internet. Anyways, thank you for the help. I hope I "kicked" the person that had access to my account and he won't do anything worse than this in the future.
Were you asked by a Steam friend to vote for their team or to join a tournament? Did you use any third-party sites for trading?
No, I have only 5 friends that I play with and they're my real life friends as well. They don't participate in any kind of tournament or anything of that kind. Like I said previously, I didn't, I don't and I won't use any third-party sites to trade items on. I only use Steam and that's it. That's why I'm surprised how someone got control over everything on my account because I don't log in anywhere except 2 browsers and 2 steam clients.