Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Discussions Rules and Guidelines
Report this post
Only you know your log in username... No one else.
Accounts are phished not hacked.
You gave away all your account details.
The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to the account.
How? by either logging into a known scam site or item sell sites, fake steam log-in websites, or by tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link etc.
How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.
The alternative is not plausible:
1) Someone would have to "GUESS" your account name from "millions of possible combinations".
2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".
3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.
Your account was phished / hijacked. Follow steps 1- 7 to secure your account:
1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
7. Make sure your steam recovery email account is secure
Steam will NOT return lost funds or Items.
So the variable has to be you. That doesn't mean they're accusing you of losing your account on purpose. It just means that something you did (probably accidentally) let the thieves in.
The scammers can sit On that information for YEARS untill they get to your account...
YOU WHERE PHISHED!!!
This is where you are wrong. Phishers can sleep on accounts for years before they try the login information or do anything else with it. All this tells us is that you didn't change your credentials at all during that time.
Ture. I even read about a person waiting 5 years to go back to a alternative account.
I app the help...
I certainly didn't give my details at least willingly. I would never do that.
I have been using windows 7 up until the hack. The desktop that has it is never going to have internet again. W7 had a good run. If I known this would happen i would of not used it. This is a good but only reason I am not going to go online with it anymore. I have had my account since 2011 and will protect it at all cost. I am vehemently against anything after Win7. Just because there are EVIL ppl out there doesn't change the fact. This is a humanity problem.
I will be using my steam deck from now on. Does it suck? sure. But I still have my account minus 9 dollars. I just go to the normal sites as I have done. I have windows defender and malwarebytes and neaither detected any infection.
Steam claims i auth it 1y 4m ago. Which I don't buy it. My friend who does security says win 7 is old and has security problems which might explain that.
So im not going to do scan as nothing is going to show up. Im thinking it was just a windows 7 vulnability which would also explain why my 2FA did absolutly nothing and didnt notify me of anything. I was notified about it when steam sent me emails saying my stuff was being posted. Ididnt do anything but deauthorized it and it seemed to stop it. I took a screenshot and it said " Sha Kiu Tsuen, Hong Kong, HK (103.97.2.41)" I have never been to Chyna
As phishing goes I never entered my info into anything that wasnt Steam. Nor was I contacted by anyone to my knowledge eaither. I don't think blaming the user so much and pushing that solves anything
To make this stop...
1) I think what SHOULD be done is that you should be able to lock you account access say for instance if you live in texas. You can lock all access to outside ur state. Unless you are going on vacation youcan auth only 1 or more devices you aregoing to take. Im sure the system can tell that.
2) There should be a limit how many trades you can make in a minute. Im thinking of 5. It definitely limits these trades. Or you would have to go to your email and send a reply to say a trade server. You can turn this off or on at will. Even if you don't want to go through. It would be on by default. Or a hard limit of say 10 trades per day. Everything has aback up/limit. Giving the user MUCH needed time to find out.
3) There needs to be some kinda panic/lockdown button automatic or there are so many trades. I prob lost 10 items a minute, posibly more. Its extremely obvious thats a hijacked account.
I might be able to think of more but im autistic and have all ready made a superior system.
My only "crime" is being poor
2) Just checked. My account details are still the same
3) already de-authorized devices the day that it happened
4) password was changed on safe device. (its MUCH stronger/longer and completely random that only I know)
5) new codes generated
6) I have no idea what an APIKEY is can you explain? Is it safe to click that link you gave me? I look it up something about on your website. I don't have a website. I dont understand.
7) My email has never been hacked and I have had it for a very long time. So im good there. even have it bio-locked as well.
You have been more helpful that support and I really app that, really. Thank you!
All that, and you missed this.........
You are responsible for the confidentiality of your login and password and for the security of your computer system. Valve is not responsible for the use of your password and Account or for all of the communication and activity on Steam that results from use of your login name and password by you, or by any person to whom you may have intentionally or by negligence disclosed your login and/or password in violation of this confidentiality provision.
https://store.steampowered.com/subscriber_agreement/
and this:
Watch out for Account Hijacking:
NEVER give out your password to anyone.
NEVER click unknown links from untrusted sources, and check links sent by your friends. Their account may be compromised!
NEVER follow instructions to speak with someone claiming to represent Steam Support through Discord or any other chat system, even if they come from a friend's account or claim to be able to resolve a false report.
ALWAYS make sure you log out when finished at a cafe! Deauthorize untrusted device immediately if you forgot to log out.
https://help.steampowered.com/en/faqs/view/6639-EB3C-EC79-FF60
You did give them away. Willing or unwilling, it's the only way a hijack happens.
The IP said is was some place in Hong Kong. If that doesn tell you its not me then nothing will. I have a feeling it was bc I was using Win7 as my thinking was that if something isnt broken dont fix it. The desktop i normaly use will never be on line any more to be absolutly sure. Sure it sucks but its better than being hacked/hijacked. I guess this is the only reason i will stop using Win7. Its been great and flawless up to this point. I have looked around and I saw a post saying this has happend to 77,000 account. I am thinking this is prob caused by ppl using old operating systems like Win7. I did exaclty what the previous post said to do 0 the API thing as I have to click on a link and something I have 0 knowledge of. Im not a cycber security person, im a welder. I would never think the average person or even gamer would understand such things. I bought and got all my items back and it only cost less than 9 dollars. I would have certainly payed more tha 9 dollars. Based on the evidence I am conviced it clearly was a professional as my 2FA did not work or notify me about this. Pointing to Win7. They used a program to sell 10 items a minute. But I deauth before it got worse and everything is ok....I will say i don't wish this on anyone. F such "people" of course. Its clear it was to collect money or at the very least screw with ppls account. Just bad eaither way. Its obvious there are others than I found had there items randomly sold. My heart goes out to them. There needs to be some type of awareness for those that understand security. I have listed many reasons above me ways to stop if not ever start. Im sure it was to find vulnerabilities. My OS just happened to have it. Being poor is absolutely punished in society,
I will say demonizing the user so much doesnt help anyone. This is just offensive and im very rarely offended. there is absolutly ways to prevent this. ANYBODY can fall for anything. It doesnt mean its there fault. Steps need to be done in this case Steam to auto lock accounts that for instant sell 10 fackin items a minute for one. Its like common sense isnt a thing anymore. Because ppl make mistakes esp on accident blaming and pointing fingers only divides us...
Thats my thinking. because no of this happend in the years i have had steam. I just used Win 7 bc i never had an issue with it. Im just going off my limited knoledge. I will agnoledge I should have jsut used my steam deck. Its unfortunate this happends to anyone. I wouldn't have stopped using it since Its by far the best OS. being hacked/hijacked is simply a human problem. Nobody even agnoledged it. Besides the win 7 i believe it was prob unevitable and it makes since why 2fa did nothing and that steam says i auth it 1y 4m ago and the access said freakin hong kong. If that doesnt tell you it wasnt me then NOTHING WILL. thx for your understanding which steam seems incapable of. I exspect better from steam reguardless.
xp i understand. hospitals still use it. but win7 and 8 got a free update path to win10 and 11