All Discussions > Steam Forums > Steam Discussions > Topic Details
This topic has been locked
Mrbuddyoldpal Oct 12, 2023 @ 7:00pm
Phishing Link Sent from My Account to All My Friends Through Steam Chat
Has anyone else experienced this phishing attempt recently? I woke up today to my account seemingly sending this message to all my steam friends, all at 12:08 pm:

"Steam gave me $50 today in honor of the fall sales -
[Phishing link was posted here]"

I don't want to post the actual link here because f**k scammers, but within the link, it misspelled community in "steamcommunity.com" to make it seem legit at a first glance.

Obviously, I wouldn't send a phishing link en-mass to all my friends (plus Steam would never just give anyone free money, so that was really the first giveaway to me). I checked to make sure my account was not hacked/logged in to on another device, but I have 2FA enabled, so I would have immediately been notified both by the steam app, and through email if someone was trying to log into my account. I went ahead and changed my email and password anyway, just to be on the safe side.

But I just want anyone else's input as to how the hell a bot bypasses 2FA and send everyone I know a phishing link through Steam chat without Steam ever notifying me or thinking my account has been compromised?
< >
Showing 1-8 of 8 comments
Nerdlin Geeksly Oct 12, 2023 @ 7:08pm 
Steam has been compromised in a hack recently, although they currently have said it's just game dev accounts that have been hit, but in any case if someone is sending phishing scams through your account then you NEED to change your password to both your steam account and the Email linked to it ASAP before the hacker does.
Send a message to steam support about this as well.
#1
cSg|mc-Hotsauce Oct 12, 2023 @ 7:10pm 
Originally posted by Nerdlin Geeksly:
Steam has been compromised in a hack recently, although they currently have said it's just game dev accounts that have been hit, but in any case if someone is sending phishing scams through your account then you NEED to change your password to both your steam account and the Email linked to it ASAP before the hacker does.
Send a message to steam support about this as well.

This has nothing to do with game devs accounts being hijacked.

This (the topic here) is a decade old type of scam.

OP... All steps...

Scan for malware. https://www.malwarebytes.com/ or with whatever

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key (this should be empty) https://steamcommunity.com/dev/apikey

:summercat2023:
Last edited by cSg|mc-Hotsauce; Oct 12, 2023 @ 7:12pm
#2
Mrbuddyoldpal Oct 12, 2023 @ 7:23pm 
Originally posted by cSg|mc-Hotsauce:
Originally posted by Nerdlin Geeksly:
Steam has been compromised in a hack recently, although they currently have said it's just game dev accounts that have been hit, but in any case if someone is sending phishing scams through your account then you NEED to change your password to both your steam account and the Email linked to it ASAP before the hacker does.
Send a message to steam support about this as well.

This has nothing to do with game devs accounts being hijacked.

This (the topic here) is a decade old type of scam.

OP... All steps...

Scan for malware. https://www.malwarebytes.com/ or with whatever

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key (this should be empty) https://steamcommunity.com/dev/apikey

:summercat2023:

Thanks for the advice! Shame how even though I do everything Steam tells me to do to secure my account, it doesn't look like Steam does everything they can do to protect their user's accounts against stuff like this.
#3
Fake Oct 12, 2023 @ 10:30pm 
Originally posted by Mrbuddyoldpal:
Originally posted by cSg|mc-Hotsauce:

This has nothing to do with game devs accounts being hijacked.

This (the topic here) is a decade old type of scam.

OP... All steps...

Scan for malware. https://www.malwarebytes.com/ or with whatever

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key (this should be empty) https://steamcommunity.com/dev/apikey

:summercat2023:

Thanks for the advice! Shame how even though I do everything Steam tells me to do to secure my account, it doesn't look like Steam does everything they can do to protect their user's accounts against stuff like this.
If you did everything to protect your account, your account wouldn't be compromised.

It's an old scam and clearly it still works.
#4
Anonymous Helper Oct 13, 2023 @ 12:20am 
Originally posted by Mrbuddyoldpal:
it doesn't look like Steam does everything they can do to protect their user's accounts against stuff like this.

Valve can't really stop people from freely giving away their account credentials and giving scammers full access to their accounts. No amount of security will stop that from happening.
#5
Cathulhu Oct 13, 2023 @ 1:08am 
Originally posted by Nerdlin Geeksly:
Steam has been compromised in a hack recently, although they currently have said it's just game dev accounts that have been hit, but in any case if someone is sending phishing scams through your account then you NEED to change your password to both your steam account and the Email linked to it ASAP before the hacker does.
Send a message to steam support about this as well.
Nonsense. Steam servers haven't been compromised. A few game dev accounts were hijacked in targeted phishing attacks though.
#6
BJWyler Oct 13, 2023 @ 1:18am 
Originally posted by Mrbuddyoldpal:
Thanks for the advice! Shame how even though I do everything Steam tells me to do to secure my account, it doesn't look like Steam does everything they can do to protect their user's accounts against stuff like this.
Steam accounts get hijacked because the user gave away their account credentials, or downloaded malware designed to capture those credentials. Simple as. It doesn't matter what Valve does to try to protect accounts when the end user bypasses all of that and hands the keys over to the scammers.

I would suggest you review your browsing habits as that is most likely how your account was hijacked.

That team you voted for? Scam.
Someone on Discord mistakenly reported you? Scam.
That website you visited for gambling and skins? Scam.
#7
Steven Oct 13, 2023 @ 1:51am 
If you need help with Account Security or Recovery, please contact Steam Support.
#8
< >
Showing 1-8 of 8 comments
Per page: 1530 50

All Discussions > Steam Forums > Steam Discussions > Topic Details
Date Posted: Oct 12, 2023 @ 7:00pm
Posts: 8
Start a New Discussion

Discussions Rules and Guidelines