taqs May 23, 2020 @ 1:00pm
Scam or trade ban?
Hi, when I logged in to Steam today I realised that my profile picture, profile name and description had been changed. Profile name was some numbers, profile picture was VAC and description was: https://imgur.com/SoGlXq7
I deleted my Steam web API, changed password twice, changed mail, changed password to that mail, deauthorised all devices and scanned my computer with Malwarebytes and Avast. I'm 95% sure it was a scam, but how does it work and am I safe now? Thanks for help in advance.
Last edited by taqs; May 23, 2020 @ 1:02pm
Wolf Knight May 23, 2020 @ 1:03pm 
You are NOT Banned
your account is compromised
DO NOT TRADE

Steps to take NOW:
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)


Please review how you are logging into Steam; you somehow gave them your login information. This could have been due to the computer being compromised and redirecting to a fake login, or you using a 3rd party site to log in to Steam.

Once you are sure you have regained control, you can start trading again. Please triple check any trades you make to be sure they are going to the correct account.

After you have secured the account, please edit your profile back to normal (if it was altered by the hijacker/scammer)

The APIKEY lets the scammer see what is being traded and to whom. They can then cancel and redirect a trade to any account they want and make that account look like the one you wanted to send the items to.

If you did everything in the list above, your account is secure. Figure out where you messed up that allowed the scammer access to the account.
Last edited by Wolf Knight; May 23, 2020 @ 1:05pm
Boyz in da hoods May 23, 2020 @ 1:09pm 
Originally posted by TaQ_s:
Hi, when I logged in to Steam today I realised that my profile picture, profile name and description had been changed. Profile name was some numbers, profile picture was VAC and description was: https://imgur.com/SoGlXq7
I deleted my Steam web API, changed password twice, changed mail, changed password to that mail, deauthorised all devices and scanned my computer with Malwarebytes and Avast. I'm 95% sure it was a scam, but how does it work and am I safe now? Thanks for help in advance.
connect to steam support
taqs May 23, 2020 @ 1:09pm 
Originally posted by Wolf Knight:
You are NOT Banned
your account is compromised
DO NOT TRADE

Steps to take NOW:
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)


Please review how you are logging into Steam; you somehow gave them your login information. This could have been due to the computer being compromised and redirecting to a fake login, or you using a 3rd party site to log in to Steam.

Once you are sure you have regained control, you can start trading again. Please triple check any trades you make to be sure they are going to the correct account.

After you have secured the account, please edit your profile back to normal (if it was altered by the hijacker/scammer)
Well, my computer seems to be clear (antivirus showed it is) so it might be an issue with a 3rd party site.
J4MESOX4D May 23, 2020 @ 1:15pm 
Originally posted by TaQ_s:
Originally posted by Wolf Knight:
You are NOT Banned
your account is compromised
DO NOT TRADE

Steps to take NOW:
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)


Please review how you are logging into Steam; you somehow gave them your login information. This could have been due to the computer being compromised and redirecting to a fake login, or you using a 3rd party site to log in to Steam.

Once you are sure you have regained control, you can start trading again. Please triple check any trades you make to be sure they are going to the correct account.

After you have secured the account, please edit your profile back to normal (if it was altered by the hijacker/scammer)
Well, my computer seems to be clear (antivirus showed it is) so it might be an issue with a 3rd party site.
You gave away your credentials to a phishing site, your account was then shadow-hijacked without your knowledge. The scammers then pretended your account was banned to force you to instigate a trade as they have access to the API key on your account designed to control trades.

Had you created a trade, it would have been cancelled and then resubmitted by the hijackers using an impersonated account via your rigged API key and you would've then confirmed the bogus trade again and your items would have been stolen.

Be extra vigilant where you enter your credentials. You got lucky this time.
taqs May 23, 2020 @ 1:19pm 
Originally posted by J4MESOX4D:
Originally posted by TaQ_s:
Well, my computer seems to be clear (antivirus showed it is) so it might be an issue with a 3rd party site.
You gave away your credentials to a phishing site, your account was then shadow-hijacked without your knowledge. The scammers then pretended your account was banned to force you to instigate a trade as they have access to the API key on your account designed to control trades.

Had you created a trade, it would have been cancelled and then resubmitted by the hijackers using an impersonated account via your rigged API key and you would've then confirmed the bogus trade again and your items would have been stolen.

Be extra vigilant where you enter your credentials. You got lucky this time.

Ok, thanks man. So now I should be safe as I revoked my steam web api?
J4MESOX4D May 23, 2020 @ 1:22pm 
Originally posted by TaQ_s:
Originally posted by J4MESOX4D:
You gave away your credentials to a phishing site, your account was then shadow-hijacked without your knowledge. The scammers then pretended your account was banned to force you to instigate a trade as they have access to the API key on your account designed to control trades.

Had you created a trade, it would have been cancelled and then resubmitted by the hijackers using an impersonated account via your rigged API key and you would've then confirmed the bogus trade again and your items would have been stolen.

Be extra vigilant where you enter your credentials. You got lucky this time.

Ok, thanks man. So now I should be safe as I revoked my steam web api?
As long as you've done all the steps given in the first response and, most importantly, that the API key is revoked, you should be perfectly safe now.
Snapjak May 23, 2020 @ 1:22pm 
Did you do all the steps listed in order without skipping any?
taqs May 23, 2020 @ 1:27pm 
Originally posted by Snapjak:
Did you do all the steps listed in order without skipping any?
Yes, I did.
But how did they change my profile? They had to have logged in, but there wasn't any notification on my phone, where Steam Guard is installed. Did they do it through the API or my computer?
J4MESOX4D May 23, 2020 @ 1:29pm 
Originally posted by TaQ_s:
Originally posted by Snapjak:
Did you do all the steps listed in order without skipping any?
Yes, I did.
But how did they change my profile? They had to have logged in, but there wasn't any notification on my phone, where Steam Guard is installed. Did they do it through the API or my computer?
You gave away your credentials (login name, password and auth code) to a fake steam login on a 3rd party scam site and these were then botted instantly into a real client. They had full control of your account which is why they could change your name, profile description and picture.

The only thing they couldn't control was you confirming the trade even after rigging your API key so they had to force you to make a trade which they could then control in an attempt to steal your items.
Last edited by J4MESOX4D; May 23, 2020 @ 1:33pm
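An added example, not part of any poster's reply and not Valve's code: a strict host check for the "fake steam login on a 3rd party scam site" case described above. A look-alike page can still be served over valid HTTPS, so the check is on the exact host. The allow-list holds only the two domains used in this thread's own links, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Domains taken from the links posted in this thread (assumption: these two
# are the only ones a Steam login or account page should ever be served from).
STEAM_DOMAINS = ("steampowered.com", "steamcommunity.com")


def is_steam_host(url: str) -> bool:
    """True only for https URLs whose host is a Steam domain or a subdomain of one."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and the port, and lowercases.
        host = (parts.hostname or "").rstrip(".")
        host.encode("ascii")  # reject look-alike letters from other alphabets
    except (ValueError, UnicodeEncodeError):
        return False
    if parts.scheme != "https" or not host:
        return False
    # Match the whole name or a dot-separated suffix, never a bare substring:
    # "steamcommunity.com.login.example" contains the name but is not Steam.
    return any(host == d or host.endswith("." + d) for d in STEAM_DOMAINS)


def rejected(urls):
    """Return the URLs that must not be given a Steam login, password or auth code."""
    return [u for u in urls if not is_steam_host(u)]


# Constructed sample input: two real Steam pages from the thread, then
# look-alike patterns built on the reserved ".example" TLD.
SAMPLES = [
    "https://steamcommunity.com/dev/apikey",
    "https://store.steampowered.com/twofactor/manage",
    "https://steamcommunity.com.login.example/openid",   # Steam name as a subdomain
    "https://steamcommunity.com@login.example/openid",   # Steam name as userinfo
    "http://steamcommunity.com/login",                   # right host, no TLS
]

if __name__ == "__main__":
    for url in SAMPLES:
        print("OK  " if is_steam_host(url) else "STOP", url)
```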
taqs May 23, 2020 @ 1:37pm 
Originally posted by J4MESOX4D:
Originally posted by TaQ_s:
Yes, I did.
But how did they change my profile? They had to have logged in, but there wasn't any notification on my phone, where Steam Guard is installed. Did they do it through the API or my computer?
You gave away your credentials (login name, password and auth code) to a fake steam login and these were then botted instantly into a real client. They had full control of your account which is why they could change your name, profile description and picture.

The only thing they couldn't control was you confirming the trade even after rigging your API key so they had to force you to make a trade which they could then control in an attempt to steal your items.
Oh, now I see. It's strange because I remember that I logged into some sites 2 or 3 weeks ago, so they waited that long. They must have a lot of work with other accounts. Actually, I remember that one of the "trade" sites was a little bit strange. I am used to looking at the SSL when I log in anywhere, but maybe I didn't that time. Now that I understand the problem I can change my password to an even more complicated one. Thanks for helping me.
J4MESOX4D May 23, 2020 @ 1:42pm 
Originally posted by TaQ_s:
Originally posted by J4MESOX4D:
You gave away your credentials (login name, password and auth code) to a fake steam login and these were then botted instantly into a real client. They had full control of your account which is why they could change your name, profile description and picture.

The only thing they couldn't control was you confirming the trade even after rigging your API key so they had to force you to make a trade which they could then control in an attempt to steal your items.
Oh, now I see. It's strange because I remember that I logged into some sites 2 or 3 weeks ago, so they waited that long. They must have a lot of work with other accounts. Actually, I remember that one of the "trade" sites was a little bit strange. I am used to looking at the SSL when I log in anywhere, but maybe I didn't that time. Now that I understand the problem I can change my password to an even more complicated one. Thanks for helping me.
Sometimes the hijackers wait to strike when the payoff is best. If you give away your credentials set to a phishing site then no matter how long your password is, it will be captured and login-botted and you'll be hijacked.

Some sites steal accounts to cheat or scam others, so you have been fortunate it seems. Next time it could be a lot worse, so I would avoid such sites in the future.
taqs May 23, 2020 @ 2:02pm 
Ok, thanks. I will be revoking my steam api every time before any trade now.
Zekiran May 23, 2020 @ 2:37pm 
If something is APPEARING in your api area without you actively using it for professional purposes like it's meant to, your account is still in trouble. NOTHING should be there for any typical user, at any time.
taqs May 24, 2020 @ 4:05am 
Originally posted by Zekiran:
If something is APPEARING in your api area without you actively using it for professional purposes like it's meant to, your account is still in trouble. NOTHING should be there for any typical user, at any time.
Yeah, I understand.
Btw, now I realised that some time ago I wanted to trade my knife to someone (for another knife) and I made a trade offer on the computer. Then I opened my Steam app on my phone to confirm it. Luckily, I checked that trade offer and it turned out to be empty, so I rejected it. Wow, it was so close. I will try to find this trade and report the Steam account.
taqs May 24, 2020 @ 4:09am 
Ok, both accounts already got trade banned. It was on 30th of April.

Date Posted: May 23, 2020 @ 1:00pm
Posts: 16