All Discussions > Steam Forums > Help and Tips > Topic Details
This topic has been locked
Dinobam Dec 2, 2020 @ 1:24pm
I've been hacked for 3 weeks and I didn't receive any notification
From around November 10 until November 26 if 2020, my computer was broken, so I didn't have any access to Steam on the PC nor the games. However, my mobile authenticator was still enabled the entirety of the time.

From November 14 until November 26 of 2020, someone from Russia has hacked into my account numerous times a day from November 14, 2020 till November 26, 2020. On November 16, 2020, a trade was sent from my account including a list of Team Fortress 2 items to a user. I have never contacted this person before in any way. No games, no friend adds, no chats, no common groups or friends, nothing. Whether they still have possession over the items or not is beyond me.

However, my biggest issue is that I never received not one notification from the Steam Mobile App talking about a code I must authenticate. The entire time the hacker had had access to my account, and even after I fixed my computer, I haven't received a notification for authenticating a code. It was only when I changed my password and gained access to my computer on November 26 that I started to receive authentication codes for a computer that is trying to log into my computer. I've lost over 3 dozen Team Fortress 2 items from my inventory, totaling a worth of around 100+ dollars. I had no clue that my items were gone until earlier today when I checked my inventory. I hadn't received any trade confirmation notification to tell me that there is a pending trade. The items are gone because the authenticator didn't notify me of anything of the sorts.

I'm really just clueless on all this, and I have no idea what I can do. Steam supports email is out of use, so I'm here. What can I do? How did they bypass the authenticator? How did I not get any notifications?

Something went wrong while displaying this content. Refresh

Error Reference: Community_9734361_
Loading CSS chunk 7561 failed.
(error: https://community.fastly.steamstatic.com/public/css/applications/community/communityawardsapp.css?contenthash=789dd1fbdb6c6b5c773d)
< 1 2 >
Showing 1-15 of 21 comments
J4MESOX4D Dec 2, 2020 @ 1:31pm 
Accounts do not get 'hacked' - if you have the authenticator then somewhere along the lines you (like over 100,000 users a week) gave away your credential to a phishing site. If these were then successfully logged in then there is no indication that the account would be hijacked so obviously no notifications are provided.

You will only be alerted to attempted logins.
#1
Dinobam Dec 2, 2020 @ 1:36pm 
Originally posted by J4MESOX4D:
Accounts do not get 'hacked' - if you have the authenticator then somewhere along the lines you (like over 100,000 users a week) gave away your credential to a phishing site. If these were then successfully logged in then there is no indication that the account would be hijacked so obviously no notifications are provided.

You will only be alerted to attempted logins.
Then how exactly did they get a hold on my credentials, somehow bypass the authenticator entirely, and log in from a new device in a different region? That's what confuses me
#2
J4MESOX4D Dec 2, 2020 @ 1:39pm 
Originally posted by Dinobam100:
Originally posted by J4MESOX4D:
Accounts do not get 'hacked' - if you have the authenticator then somewhere along the lines you (like over 100,000 users a week) gave away your credential to a phishing site. If these were then successfully logged in then there is no indication that the account would be hijacked so obviously no notifications are provided.

You will only be alerted to attempted logins.
Then how exactly did they get a hold on my credentials, somehow bypass the authenticator entirely, and log in from a new device in a different region? That's what confuses me
There is no bypass. You gave away your credentials to a fake Steam login page including the live auth code at some stage and these were then instantly login-botted into a real client and your account was hijacked.
Last edited by J4MESOX4D; Dec 2, 2020 @ 1:39pm
#3
Satoru Dec 2, 2020 @ 1:39pm 
Originally posted by Dinobam100:
Originally posted by J4MESOX4D:
Accounts do not get 'hacked' - if you have the authenticator then somewhere along the lines you (like over 100,000 users a week) gave away your credential to a phishing site. If these were then successfully logged in then there is no indication that the account would be hijacked so obviously no notifications are provided.

You will only be alerted to attempted logins.
Then how exactly did they get a hold on my credentials, somehow bypass the authenticator entirely, and log in from a new device in a different region? That's what confuses me

Phishing
#4
Dinobam Dec 2, 2020 @ 1:40pm 
Originally posted by J4MESOX4D:
Originally posted by Dinobam100:
Then how exactly did they get a hold on my credentials, somehow bypass the authenticator entirely, and log in from a new device in a different region? That's what confuses me
There is no bypass. You gave away your credentials to a fake Steam login page including the live auth code at some stage and these were then instantly login-botted into a real client and your account was hijacked.
I haven't done anything like that, though. The only thing I've done recently was use a trading website, but that didn't ask for a code.
#5
kitt Dec 2, 2020 @ 1:41pm 
Originally posted by Dinobam100:
Originally posted by J4MESOX4D:
Accounts do not get 'hacked' - if you have the authenticator then somewhere along the lines you (like over 100,000 users a week) gave away your credential to a phishing site. If these were then successfully logged in then there is no indication that the account would be hijacked so obviously no notifications are provided.

You will only be alerted to attempted logins.
Then how exactly did they get a hold on my credentials, somehow bypass the authenticator entirely, and log in from a new device in a different region? That's what confuses me
How should we know? Its your job to know where you login or sign up.



Nvm.. from i did nothing to j used a scam site in minutes.. classic
Last edited by kitt; Dec 2, 2020 @ 1:43pm
#6
J4MESOX4D Dec 2, 2020 @ 1:43pm 
Originally posted by Dinobam100:
Originally posted by J4MESOX4D:
There is no bypass. You gave away your credentials to a fake Steam login page including the live auth code at some stage and these were then instantly login-botted into a real client and your account was hijacked.
I haven't done anything like that, though. The only thing I've done recently was use a trading website, but that didn't ask for a code.
So you use 3rd party sites. There's your answer. Only you know what other activity you did. You'll have to cross-reference your external activity with the login data Steam provides but it's possible the hijackers were idle-sitting on your account.

The auth cannot be bypassed and nobody would ever be able to guess your login name, password AND live auth code - that alone would be impossible.
Last edited by J4MESOX4D; Dec 2, 2020 @ 1:45pm
#7
The Giving One Dec 2, 2020 @ 1:45pm 
You don't have to take the word of the helpful users here telling you how this works, even though you should. We see this here pretty much every day.

Do a forum search for "I was hacked" or just "hacked" and you can see for yourself, as many also misuse that word to illustrate how this problem originates.
Last edited by The Giving One; Dec 2, 2020 @ 1:46pm
#8
Dinobam Dec 2, 2020 @ 1:46pm 
Originally posted by J4MESOX4D:
Originally posted by Dinobam100:
I haven't done anything like that, though. The only thing I've done recently was use a trading website, but that didn't ask for a code.
So you use 3rd party sites. There's your answer. Only you know what other activity you did. You'll have to cross-reference your external activity with the login data Steam provides but it's possible the hijackers were idle-sitting on your account.

The auth cannot be disabled and nobody would ever be able to guess your login name, password AND live auth code - that alone would be impossible.
The trading website is incredibly well-known (I'm not sure if i can say what website it is, but the first one that comes to your mind for TF2 is most likely it.) I haven't used any other websites besides that one.
#9
The Giving One Dec 2, 2020 @ 1:47pm 
Originally posted by Dinobam100:
The trading website is incredibly well-known (I'm not sure if i can say what website it is, but the first one that comes to your mind for TF2 is most likely it.) I haven't used any other websites besides that one.
That's almost word for word what others say in your situation.

"But that site is legit."

Well, some site you entered your login into somewhere is not.
#10
J4MESOX4D Dec 2, 2020 @ 1:47pm 
Originally posted by Dinobam100:
Originally posted by J4MESOX4D:
So you use 3rd party sites. There's your answer. Only you know what other activity you did. You'll have to cross-reference your external activity with the login data Steam provides but it's possible the hijackers were idle-sitting on your account.

The auth cannot be disabled and nobody would ever be able to guess your login name, password AND live auth code - that alone would be impossible.
The trading website is incredibly well-known (I'm not sure if i can say what website it is, but the first one that comes to your mind for TF2 is most likely it.) I haven't used any other websites besides that one.
If you can't say what it is then that probably says it all. You are probably still shadow-hijacked so I suggest you do these steps in order and without fail before the scammers get an early Christmas present:-

1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey
#11
Dinobam Dec 2, 2020 @ 1:53pm 
Originally posted by J4MESOX4D:
Originally posted by Dinobam100:
The trading website is incredibly well-known (I'm not sure if i can say what website it is, but the first one that comes to your mind for TF2 is most likely it.) I haven't used any other websites besides that one.
If you can't say what it is then that probably says it all. You are probably still shadow-hijacked so I suggest you do these steps in order and without fail before the scammers get an early Christmas present:-

1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey
Done everything here now. Also I'm not sure if I can mention trading sites in general, that's why I thought that I couldn't really type it out. But I guess what's done is done, and I'm just screwed god knows how many bucks. Thanks, though!
#12
J4MESOX4D Dec 2, 2020 @ 1:59pm 
Originally posted by Dinobam100:
Originally posted by J4MESOX4D:
If you can't say what it is then that probably says it all. You are probably still shadow-hijacked so I suggest you do these steps in order and without fail before the scammers get an early Christmas present:-

1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey
Done everything here now. Also I'm not sure if I can mention trading sites in general, that's why I thought that I couldn't really type it out. But I guess what's done is done, and I'm just screwed god knows how many bucks. Thanks, though!
No problem! Best to steer clear of such sites - we always hear from users how such site is 'legit' and then a couple weeks later we find out they were scammed or had their account stolen.
#13
Dinobam Dec 2, 2020 @ 2:02pm 
Originally posted by J4MESOX4D:
Originally posted by Dinobam100:
Done everything here now. Also I'm not sure if I can mention trading sites in general, that's why I thought that I couldn't really type it out. But I guess what's done is done, and I'm just screwed god knows how many bucks. Thanks, though!
No problem! Best to steer clear of such sites - we always hear from users how such site is 'legit' and then a couple weeks later we find out they were scammed or had their account stolen.
I've learned my lesson. Sucks that I've lost all those items though, had some of those for a good while. Not much I can do now.
#14
crunchyfrog Dec 2, 2020 @ 2:32pm 
Originally posted by Dinobam100:
Originally posted by J4MESOX4D:
So you use 3rd party sites. There's your answer. Only you know what other activity you did. You'll have to cross-reference your external activity with the login data Steam provides but it's possible the hijackers were idle-sitting on your account.

The auth cannot be disabled and nobody would ever be able to guess your login name, password AND live auth code - that alone would be impossible.
The trading website is incredibly well-known (I'm not sure if i can say what website it is, but the first one that comes to your mind for TF2 is most likely it.) I haven't used any other websites besides that one.
Well known is not a synonym for "legit".

It just means they're good at it.

You WERE phished. I wouldn't concern yourself trying to work out where it happened.

Just accept that this IS how it happened, and learn NEVER to log into steam ANYWHERE else, no matter if it looks like a steam login. They will get you when you are unaware which is exactly what happened to you.

That's how cons work.
#15
< 1 2 >
Showing 1-15 of 21 comments
Per page: 1530 50

All Discussions > Steam Forums > Help and Tips > Topic Details
Date Posted: Dec 2, 2020 @ 1:24pm
Posts: 21
Start a New Discussion

Discussions Rules and Guidelines