Установить Steam
войти
|
язык
简体中文 (упрощенный китайский)
繁體中文 (традиционный китайский)
日本語 (японский)
한국어 (корейский)
ไทย (тайский)
Български (болгарский)
Čeština (чешский)
Dansk (датский)
Deutsch (немецкий)
English (английский)
Español - España (испанский)
Español - Latinoamérica (латиноам. испанский)
Ελληνικά (греческий)
Français (французский)
Italiano (итальянский)
Bahasa Indonesia (индонезийский)
Magyar (венгерский)
Nederlands (нидерландский)
Norsk (норвежский)
Polski (польский)
Português (португальский)
Português-Brasil (бразильский португальский)
Română (румынский)
Suomi (финский)
Svenska (шведский)
Türkçe (турецкий)
Tiếng Việt (вьетнамский)
Українська (украинский)
Сообщить о проблеме с переводом
Правила обсуждений
Пожаловаться
Not a single outside site can be trusted no matter how many random nobody YouTubers tell you otherwise. Not a single site, nor Steam Group, can be trusted no matter how many people use it (or claim to use it) and tell you it is safe, or they never had a problem.
Never vote for someone's team.
Never try to get that $50 gift.
Never listen to anyone on Discord saying they accidently reported you ...
...or that they are an admin ... or that they want to be friends and/or trade.
Trust no one.
Bro is literally a bot responding to a post he didn't read.
At some point down the line, you gave away your log in information to a scammer or a scam website. They then used that to set up an API on your account so they can sit on it and bypass all the notifications when they were ready to strike.
For every single person that has claimed to never have clicked a link, or used a scam website, it invariably turns out that at some point in the past they did exactly that. Every. Single. Time.
First, glad you got your account back.
Now, to be on the safe side, do these:
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
As others have said, the only way to lose a Steam account is to give access to someone else. Either you, your girlfriend, or someone else who had access to your login credentials is responsible. You might not even remember when it happened -- or be aware of it -- as account are not always hijacked at the moment they are initially phished. The phisher may have sat on the information for weeks or months. But at some point, you were likely steered into giving your information out.
Perhaps you (or your girlfriend) were scared into thinking you about to be banned. You might have logged into a Steam to receive a 50 USD gift card, or been asked to vote for a team. Maybe you were offered beta access to something. It doesn't matter exactly what. The point is, you would have tried to log in and been presented with an error message or you literally gave your info in a chat session or Discord message.
There is no other way for your account to be compromised.
There's no way to know or guess with any accuracy at all the circumstances you're omitting or aren't aware of. Ultimately your ignorance isn't something we need to overcome. You can believe l33t h4x0ring is how your account got hijacked, and you can use that as an excuse to not have to learn anything or do more to secure your account, but you do it at your own peril. No one needs to satisfy you.
Although, one thing you don't seem to be aware of is arbitrarily starting on December 24th and only counting time between then and theft, is that you could have compromised it weeks ago, months even and the hijacker only got back to it now. That's some useful information to you and methinks you're not to eager to thoroughly and accurately document everything you've done for the last several weeks or months, even if it were possible for you to do so. And therein lies the problem to your petulance. You don't know what happened and dismissing scenarios that ding your ego isn't some kind of gotcha.
What did you do BEFORE the 24th?
Yes... BEFORE...
A good scammer do not immediatly commit their crimes... they WAIT... can keep their stash of stolen accounts for a VERY long time... even YEARS...
They collect stolen acounts so that they have like 300-500 and then slowly use them up...
And so be it... I am a "dumbass, you got phished at some time in the past" ♥♥♥♥♥♥♥... because thatg Is the very truth...
* You can expect half the posts to come from people who respond without reading. There's a special order of attention deficit going around here.
* At least one person will say "it's literally impossible to get hacked unless you gave them your details", because.. well they're pretty clueless and don't know any better.
Thiesen's response is probably the most sober:
That would be worth investigating, because it might've happened weeks or months ago.
I've been in touch with a few people with stories similar to yours, and also saw a few posts floating around with the same backstory. They didn't click any links, they have steam guard, and still this happens. Can't vouch for all of them, but the ones I talked to aren't technically incompetent people. Best we could tell, they'd been infected with malware from somewhere which performed invisible automated actions on their behalf via their PC. Not certain, but that's what the evidence pointed at given their stories.
And most people here seem to have little idea how software works, or that your operating system, browser, applications, or even your router and phone, can have security holes which occasionally get exploited, usually by automated or semi-automated malware. Once something like that gains a footing, it'll usually go for cleaning house of whatever's valuable, including stuff like steam accounts.
Could've been that. Or could've been something you did or some site you visited months ago. It is unlikely, but perfectly possible, to compromise your phone and thus steamguard, overlay the app to camouflage sus activity, change your password, and clean your account, because once you have control of the pc/phone/app, there's no need for indirections like phishing, controlling the device means controlling whatever is running on it.
Impossible to say what happened to you, idk the details of what you've been up to, but perhaps you should retrace your steps like Thiesen suggested.
Some reports also indicate that there are security flaws in steam's systems that get exploited from time to time. Not impossible, it's software like everything else, it can have holes too, and if you're subtle and don't abuse it too often it could go unnoticed for a long time. People hacked into microsoft, sony, telecoms, solarwinds.. all of them went undetected for a long time. Steam isn't immune. It's unlikely, but by no means impossible.
But that's speculation based on anecdotal evidence. I'm mentioning it simply because there's been several reports in the past of guarded accounts getting compromised silently, where the options were either:
1) Person is lying through their teeth and fabricating a complete fairy tale.
2) They were infected with seriously slick, very polished and well prepared malware.
3) Some part of steam's systems was exploited or compromised.
so... *shrugs* Who knows. I'm mostly just posting to throw in some perspective so it's not just a wall of "lol you clicked a link idiet".
From what you're saying, my guess would be an infection with well prepared malware. If so, who knows how you got it. Like I said, saw a few other stories just like yours, and talked to a few of those people who had exactly this scenario transpire. Still not sure what that's about.
ps: Contact a professional security/penetration tester, write "moden computing device" on a box, give it to them and present them with a safe and a block of swiss cheese and ask them which resembles the box most. They will pick the cheese, every time. That's a sobering perspective, too.
GUESSING your account name.
GUESSING your password.
GUESSING the 2FA code that changes every 30s.
All of those guesses needs to match.
It's extremely unlikely that it is anything else.
If Valve was to be compromised in some way that allow "hackers" to access random account at will, we would know. Oh hell ♥♥♥♥♥♥♥ yes, we would know.
All rational thought goes straight out the window for these millennials or gen xer's who grew up on the instant gratification and all stuff is free mentality.
You gave away your details and are too ashamed to admit it.
2FA is useless if you give away the codes.
https://help.steampowered.com/en/faqs/view/6639-EB3C-EC79-FF60
Seriously though you do realize the grioundwork for an account take over can be set up weeks even months before it actually happens right?
So consider everiy thing you've done on that account over the last yeart. You sure you didn't click on anything you shouldn't have?
Of course we are granting that you're telling the truth and not leaving anything out.
You gave away the account info.