This topic has been locked
Orthopaktis Jun 18, 2023 @ 2:58pm
Steam Account Hacked Despite 2FA, Inventory Stolen
I recently had my account compromised due to a Steam-unrelated PC compromise (a trusted website was hacked, and delivered a RAT that infected my end).

All of my accounts remained secure, and safe, with the exception of Steam. Said hacker pulled the login "cookie" file that Steam uses to save login information, and used that to bypass 2FA. Somehow, they then, despite not having my password, email, or Steam Guard, posted hundreds of market sales and pawned off hundreds of dollars' worth of inventory I had accumulated. I had not received a single notification or email to any of the postings until they actually sold.

Again, the hacker never had access to Steam Guard, my email, or password, and managed to wipe my inventory due to a shoddy security flaw in Steam's login system.

The hack came from an unrelated Minecraft-based trusted website, not from me logging into a third party Steam one. At no point did my email (Proton) get compromised, nor did my phone/Steam Guard. And out of hundreds of accounts, ranging from lax security like Netflix to things like Microsoft — only Steam fell victim. It's a blatant security issue, and Valve as of yet refuses to even consider rectifying/restoring the losses, nor do they acknowledge the flaw exists at all.

While I acknowledge my failure in trusting the source of the PC hack, this particular issue is on Valve. Stealing account information by grabbing one unsecured file is a horrendous mismanagement of security, from someone who works in security. I'm just glad I didn't save payment info on Steam for them to do more reaching damage.
Showing 1-15 of 125 comments
Phoenix Jun 18, 2023 @ 3:08pm 
No need to "hack" your steam account or PC when you freely give away your login information to scammers or third-party trading/gambling sites. People report this all the time, see also:

https://old.reddit.com/r/Steam/comments/bvqs92/insanely_clever_steam_credential_stealing_scam/

https://old.reddit.com/r/Steam/wiki/scamtypes

https://forums.steamrep.com/pages/hijacking/

Originally posted by Orthopaktis:
It's a blatant security issue, and Valve as of yet refuses to even consider rectifying/restoring the losses, nor do they acknowledge the flaw exists at all.

"My machine was compromised but I want to blame Valve for not restoring my items"

:clown_ooo:
Last edited by Phoenix; Jun 18, 2023 @ 3:11pm
C²C^Guyver |NZB| Jun 18, 2023 @ 3:09pm 
If they were secure, they wouldn't have gotten hijacked.

Your items are gone.

Steps to take NOW:
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a trusted/clean computer.
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)


Please review how you are logging into Steam, you somehow gave away your log-in information. This could have been due to the computer being compromised and redirecting to a fake log-in, or you using a third party site to log in to Steam.

Once you are sure you have regained control, you can start trading again. Please triple check any trades you make to be sure they are going to the correct account.

After you have secured the account, please edit your profile back to normal, if it was altered by the hijacker/scammer.
ArcTheWolf Jun 18, 2023 @ 3:11pm 
You had to have steam guard disabled, you have to authorize a sale on any item that sells for more than $1 through steamguard. Unless everything was being sold for less than a dollar.
Orthopaktis Jun 18, 2023 @ 3:21pm 
Originally posted by Phoenix:
No need to "hack" your steam account or PC when you freely give away your login information to scammers or third-party trading/gambling sites. People report this all the time, see also:

https://old.reddit.com/r/Steam/comments/bvqs92/insanely_clever_steam_credential_stealing_scam/

https://old.reddit.com/r/Steam/wiki/scamtypes

https://forums.steamrep.com/pages/hijacking/

Originally posted by Orthopaktis:
It's a blatant security issue, and Valve as of yet refuses to even consider rectifying/restoring the losses, nor do they acknowledge the flaw exists at all.

"My machine was compromised but I want to blame Valve for not restoring my items"

:clown_ooo:


Again, no third party Steam login was used. I don't trust them. I know where the hack came from, it had nothing to do with Steam and had everything to do with Minecraft modding.

The issue with Steam is an unsecured file.



Originally posted by ArcTheWolf:
You had to have steam guard disabled, you have to authorize a sale on any item that sells for more than $1 through steamguard. Unless everything was being sold for less than a dollar.

Steam Guard was definitely on. No attempt was made at removing it per email notifications, and the email itself was not only secure, but not even logged in on that PC since its last reformat — I use it on the phone exclusively.

I even went so far as disabling and re-enabling Steam Guard after resecuring the account to ensure that there's no possibility they/he/she somehow had access to it.
Bee🐝 Jun 18, 2023 @ 3:25pm 
Originally posted by ArcTheWolf:
You had to have steam guard disabled, you have to authorize a sale on any item that sells for more than $1 through steamguard. Unless everything was being sold for less than a dollar.
OP didn’t need to have the Guard disabled - the Guard isn’t a magical shield - their account was hijacked and OP gave the scammers their Guard code. This most likely happened months ago.

BTW: No one guessed a randomly generated, extremely time sensitive, 5 digit code. That could’ve only come from one source.
Last edited by Bee🐝; Jun 18, 2023 @ 3:27pm
ArcTheWolf Jun 18, 2023 @ 3:28pm 
Originally posted by Orthopaktis:
Originally posted by Phoenix:
No need to "hack" your steam account or PC when you freely give away your login information to scammers or third-party trading/gambling sites. People report this all the time, see also:

https://old.reddit.com/r/Steam/comments/bvqs92/insanely_clever_steam_credential_stealing_scam/

https://old.reddit.com/r/Steam/wiki/scamtypes

https://forums.steamrep.com/pages/hijacking/



"My machine was compromised but I want to blame Valve for not restoring my items"

:clown_ooo:


Again, no third party Steam login was used. I don't trust them. I know where the hack came from, it had nothing to do with Steam and had everything to do with Minecraft modding.

The issue with Steam is an unsecured file.



Originally posted by ArcTheWolf:
You had to have steam guard disabled, you have to authorize a sale on any item that sells for more than $1 through steamguard. Unless everything was being sold for less than a dollar.

Steam Guard was definitely on. No attempt was made at removing it per email notifications, and the email itself was not only secure, but not even logged in on that PC since its last reformat — I use it on the phone exclusively.

I even went so far as disabling and re-enabling Steam Guard after resecuring the account to ensure that there's no possibility they/he/she somehow had access to it.
Then they wouldn't have been able to sell anything for more than $1 because steam guard forces you to use the authenticator to confirm a listing before it's even posted. Additionally you can only post 50 listings a day if I'm remembering correctly before everything after that has to be done through the authenticator regardless of the price it's being sold for. So either you did in fact have steam guard off, they had access to your phone, or your phone is cloned. So which of the three options seems the most likely.
Orthopaktis Jun 18, 2023 @ 6:50pm 
Originally posted by Bee🐝:
Originally posted by ArcTheWolf:
You had to have steam guard disabled, you have to authorize a sale on any item that sells for more than $1 through steamguard. Unless everything was being sold for less than a dollar.
OP didn’t need to have the Guard disabled - the Guard isn’t a magical shield - their account was hijacked and OP gave the scammers their Guard code. This most likely happened months ago.

BTW: No one guessed a randomly generated, extremely time sensitive, 5 digit code. That could’ve only come from one source.
I definitely did not. Again, I don't log into third party websites with my Steam. I don't even trust Google SSO, and only use it for trusted apps/games. I can 100% say it's not a case of an SSO compromise.

I have had 2FA on all my possible accounts and taken their security seriously for over a decade, ever since I lost my World of Warcraft account.

Originally posted by ArcTheWolf:
Originally posted by Orthopaktis:


Again, no third party Steam login was used. I don't trust them. I know where the hack came from, it had nothing to do with Steam and had everything to do with Minecraft modding.

The issue with Steam is an unsecured file.





Steam Guard was definitely on. No attempt was made at removing it per email notifications, and the email itself was not only secure, but not even logged in on that PC since its last reformat — I use it on the phone exclusively.

I even went so far as disabling and re-enabling Steam Guard after resecuring the account to ensure that there's no possibility they/he/she somehow had access to it.
Then they wouldn't have been able to sell anything for more than $1 because steam guard forces you to use the authenticator to confirm a listing before it's even posted. Additionally you can only post 50 listings a day if I'm remembering correctly before everything after that has to be done through the authenticator regardless of the price it's being sold for. So either you did in fact have steam guard off, they had access to your phone, or your phone is cloned. So which of the three options seems the most likely.
Given that they weren't able to fully take control of the account and change its password, they definitely didn't have access to my phone or email, and most likely didn't clone it, either. Steam Guard was definitely on, that I'm 100% certain of.

I know for a fact they accessed my account through a RAT on my PC, that I got from a non-Steam affiliated website. I know this because that's when it occurred, the same time the RAT took control, and took the Steam account files. Said compromise didn't include my phone at the time, because my mobile hadn't actually been connected to the home network for months, so it didn't spread to the phone either.

My theory is that the cookie file used to save logins on the PC had the account info saved in a format that allowed them to use it to "log in" on a mobile device by replicating the account info in the Steam mobile cookie format, giving them access to my account's Steam Guard in the process.

tldr; they cloned my PC login information onto a mobile platform, and confirmed the market transactions there.

The only thing that makes me question that conclusion is that I never received market notifications on my phone, which I think should have still shown in the notification bar due to the way Android works, even after they confirmed it from a separate device.

Further, from what I can see, they actually sold off everything for chump change, around a dollar each at most, even things worth $50. So it seems like you may have answered your own question — they didn't bypass Steam Guard because Steam Guard wasn't necessary for the minuscule prices they put up. For all I know, they sold these items to secondary accounts, that then sold them for the real profit, all while skipping over any need for Steam Guard confirmations.
Last edited by Orthopaktis; Jun 18, 2023 @ 9:50pm
isabellium Jun 18, 2023 @ 9:50pm 
What do you expect, an encrypted file based on what, your PC serial? TPM maybe?
Steam is a glorified web browser, and just like other web browsers the cookies are in a simple unencrypted file.

You put Steam in an insecure environment, and tbh you did something less than intelligent.
Valve isn't at fault, you let someone else into your computer.
Even if the file was encrypted they were already in your main device, they could just have sold everything from your own desktop when they knew you were away.

All of this is on you. Btw the file that you are referring to is tied to the platform, it wouldn't work on mobile.
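
Added example, not part of any post in this thread and not Steam's actual design: a toy model of the dispute above, showing why a saved-login token that works as a plain bearer credential can be replayed from another machine without 2FA, while a token bound to a key that stays on the device cannot. The `Server` and `Device` classes, the HMAC proof, and all values are assumptions constructed for illustration; the shared HMAC key stands in for a TPM-held key.

```python
import hashlib
import hmac
import secrets


class Server:
    """Toy auth server (constructed for illustration)."""

    def __init__(self):
        self.sessions = {}  # token -> device key enrolled at login, or None

    def login_after_2fa(self, device_key=None):
        # Called only after password + 2FA succeeded; issues the saved-login token.
        token = secrets.token_hex(16)
        self.sessions[token] = device_key
        return token

    def accept(self, token, nonce=None, proof=None):
        if token not in self.sessions:
            return False
        key = self.sessions[token]
        if key is None:
            return True  # bearer token: holding the string is enough
        if nonce is None or proof is None:
            return False
        expected = hmac.new(key, nonce + token.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)


class Device:
    """Holds a key that is never written to the token file."""

    def __init__(self):
        self.key = secrets.token_bytes(32)

    def prove(self, token, nonce):
        return hmac.new(self.key, nonce + token.encode(), hashlib.sha256).digest()


def replay_results():
    server, victim, thief = Server(), Device(), Device()
    bearer = server.login_after_2fa()           # unbound saved login
    bound = server.login_after_2fa(victim.key)  # bound to the victim's device
    nonce = secrets.token_bytes(16)             # server challenge
    # The thief copied both token strings from disk, but not the device key.
    return {
        "bearer_replayed": server.accept(bearer),
        "bound_replayed": server.accept(bound, nonce, thief.prove(bound, nonce)),
        "bound_on_victim": server.accept(bound, nonce, victim.prove(bound, nonce)),
    }
```

Binding only stops replay from a different machine; code running on the enrolled device while it is compromised can still request proofs from it.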
C²C^Guyver |NZB| Jun 18, 2023 @ 9:57pm 
Look OP. If you're going to make a thread and ignore everything that anyone tells you, then there was no point in making it.

Steam accounts are hijacked, not hacked. This only happens when you leak your account login information somewhere. There is no other reason.

So, do the steps above and secure your account, because if it happens again, you may not just get your items stolen. If your account is used to cheat while it is hijacked, you are responsible for any and all bans applied to the account as you are responsible for any actions on your account and the security of your account.
isabellium Jun 18, 2023 @ 10:00pm 
Almost forgot: Whatever you meant by RAT (I assume some malware) needed to be executed.
It wouldn't just magically run in your computer just by browsing a website, which means you executed a file. Malware isn't magic.

Valve can't (and shouldn't) protect you from your own actions, you downloaded and executed a file without looking into it first.
Orthopaktis Jun 19, 2023 @ 6:30am 
Originally posted by Izzy:
What do you expect, an encrypted file based on what, your PC serial? TPM maybe?
Steam is a glorified web browser, and just like other web browsers the cookies are in a simple unencrypted file.

You put Steam in an insecure environment, and tbh you did something less than intelligent.
Valve isn't at fault, you let someone else into your computer.
Even if the file was encrypted they were already in your main device, they could just have sold everything from your own desktop when they knew you were away.

All of this is on you. Btw the file that you are referring to is tied to the platform, it wouldn't work on mobile.
They didn't access Steam remotely, the RAT was dealt with and the computer was wiped/reformatted the same session it was infected, I didn't go away allowing it to be used. As soon as the infection occurred, it was detected/realized, and after a few attempts at killing it, I killed the system and defaulted to reformatting.

They grabbed files, and used that to access the account on another device. I know that's how they did it, because I also saw the account active, playing games.

The fact that it's a glorified web browser with nonexistent protections is the core of the issue. Funny how none of my other accounts with cookies through actual reputable browsers were compromised, including financial accounts. All they managed to get into was Steam, and you don't see this as a problem?
Crazy Tiger Jun 19, 2023 @ 6:33am 
It's odd that people would rather create elaborate theories than just face realism.
Last edited by Crazy Tiger; Jun 19, 2023 @ 6:34am
Cryptic Jun 19, 2023 @ 6:36am 
Contact Steam support to get help securing the future of your account. That's all you can do unfortunately
Orthopaktis Jun 19, 2023 @ 6:38am 
Originally posted by Izzy:
Almost forgot: Whatever you meant by RAT (I assume some malware) needed to be executed.
It wouldn't just magically run in your computer just by browsing a website, which means you executed a file. Malware isn't magic.

Valve can't (and shouldn't) protect you from your own actions, you downloaded and executed a file without looking into it first.
The RAT, remote access trojan, was in a compromised file that I downloaded from a trustworthy source (Curseforge). My mistake in this was not scanning a file from a trustworthy source, which won't happen again.


Originally posted by C²C^Guyver |NZB|:
Look OP. If you're going to make a thread and ignore everything that anyone tells you, then there was no point in making it.

Steam accounts are hijacked, not hacked. This only happens when you leak your account login information somewhere. There is no other reason.

So, do the steps above and secure your account, because if it happens again, you may not just get your items stolen. If your account is used to cheat while it is hijacked, you are responsible for any and all bans applied to the account as you are responsible for any actions on your account and the security of your account.
The point of the thread isn't to listen to other people who have an unhealthy obsession and trust for Steam. My point is to warn others about this, because like it or not, Steam's security on this failed where all others on the system didn't.
Zarineth Jun 19, 2023 @ 6:40am 
You literally admitted to getting your PC compromised and it's still Valve's fault...

Date Posted: Jun 18, 2023 @ 2:58pm
Posts: 125