Hacker/bot keeps bypassing steam guard's mobile 2FA
After connecting accounts through family share, hours later I saw 49 email notifications that my inventory items got put on the market and sold, just to buy highly overpriced items from probably a bot account. I changed my password and used "Remove All Credentials" to log all accounts out.
After waiting a few hours checking regularly, I noticed a Hong Kong account in the Active devices. I again used Remove All Credentials to log them out. But I fear that it's only a matter of time until it repeats.
(maybe unimportant but I don't have a steam API key, as when following tutorials on how to secure myself it said to revoke all API keys, but steam API key site only offers me to register a key instead)
Accounts are phished not hacked.

You gave away all your account details.

The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to the account.

How? By either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access to your account.
sorry it happened, partner

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

if the key is blank, leave it that way

Last edited by KalGimpa; Sep 14, 2024, 07:10
Originally posted by magicISO Sweden:
Accounts are phished not hacked.

You gave away all your account details.

The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to the account.

How? By either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access to your account.

I genuinely believe I've not clicked any suspicious or malicious link and I've changed the password as well.
However, if you're adamant that I've given up my info somehow, can you redirect me to a guide/checklist about all actions I should take to secure myself? I've tried going through steam's support pages about securing and recovering my account and yet it was still accessed afterwards, perhaps I'm missing some crucial steps? Help would be greatly appreciated.
Originally posted by KalCuey:
sorry it happened, partner

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

if the key is blank, leave it that way

Thank you, I will follow your advice.
Originally posted by AniReaper:
I genuinely believe I've not clicked any suspicious or malicious link and I've changed the password as well.
However, if you're adamant that I've given up my info somehow, can you redirect me to a guide/checklist about all actions I should take to secure myself? I've tried going through steam's support pages about securing and recovering my account and yet it was still accessed afterwards, perhaps I'm missing some crucial steps? Help would be greatly appreciated.

@KalCuey linked instruction in post #2
1. Scanned and Malwarebytes scan came out clean.
2. Email and phone number are still the correct ones (both also marked as verified)
3. Just now de-authorized all devices
4. Changed the password
5. After changing password I had to redo/remake all of my 2FA, finally finished and got the list of backup codes
6. The API key is blank

Thank you for helping me, I will leave discussion as unanswered for now and closely monitor for any suspicious activities from my accounts for the next few days before making sure I'm all safe, thanks.
I also suggest changing your email address to another one that's secured by 2FA. For example, I assume you might have more than one email, use one that's not widely used on the web, email is also very important. It's the heart of your account.

Make sure your EMAIL ADDRESS is not compromised. I lost my account temporarily because I had weak security and through outlook(app) (I think it was infected) they managed to add rules to my email where it redirected STEAM emails, also jacked all my emails and data and they could in essence contact support and pretend it was me to get my account which they did, but I recovered it.

It's all good now, but make sure your email hasn't got "rules" set on it where it redirects emails. It's best to change your email as well on steam. Since you said you hadn't really clicked any phishing links or logged anywhere suspect, it can be an email breach. I too was careful to avoid any of that but did the mistake of having crap security on my email and using an old one too that was prolly leaked 10 times lol from various websites, oh and had no 2fa on the email D: . I did have on steam but if they get your email they can disable it via support if they have enough of your personal info.
Last edited by Sol4rSky; Sep 14, 2024, 10:10
AniReaper, Oct 23, 2024, 11:43
Hi all,

I managed to more or less secure everything, but as it turns out it wasn't really a phishing link that I clicked, instead as the genius that I was :) I ran a sketchy program a few days earlier and forgot about it, I later learned that it was a "Stealer malware" disguised as the program I wanted to install at the time.

Stealer malwares are tricky and most antiviruses weren't able to detect anything, besides bitdefender which noticed multiple threats, including a key logger and a few others.

Still not even slightly trusting the pc anymore I decided to check if I needed any files or data on the pc and secured it as I could before using ShredOS to fully wipe all drives as Stealer malwares can be incredibly persistent.

Thanks y'all for the help!

P.S. I used another secure pc to change and secure all my accounts and cancelled my bank card as it was also compromised. Besides the handful of useless cards n stuff from my steam inventory I didn't end up losing anything of worth, but it was definitely a good lesson on what not to do in the future.

Also if a mod can lock the discussion, as it's not needed anymore that would be great.
Originally posted by AniReaper:
Hacker
No. That's not what happened.
Originally posted by ⅫⅠ:
Originally posted by AniReaper:
Hacker
No. That's not what happened.
I know reading literacy is not for everyone, but it'd help you out to look at the last post in a discussion before responding bud 🤗 😉
NuLife, Oct 24, 2024, 01:23
it's not very often someone admits it's their mistake for these things, glad u found ur problem!
Date posted: Sep 14, 2024, 06:43
Posts: 11