Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
This topic has been locked 
Discussions Rules and Guidelines
Report this post
DO NOT TRADE
If you have access to the account
Steps to take NOW:
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
Please review how you are logging into Steam, you somehow gave them your log in information. This could of been due to the computer being compromised and redirecting to a fake login, or you using a 3rd party site to login to steam.
Have done all the mentioned. As mentioned, I only used 1 PC for my steam account, and I'm pretty sure my PC is clean as I do malware scans and stuffs from time to time to keep my PC clean of any potential threats, have always been pretty careful in terms of basic cyber security to protect myself....
Also I haven't logged into any 3rd party site except for dotabuff, which it was logged in since 1 year ago.
I really couldn't figure out how this happened.
Yes I did see an API key there, does that means by seeing an API key means my account is compromised?
Yes - the hijacker enabled it.
Dotabuff has always been there to keep track of game stats and stuffs etc., the last time I logged in was 1 year ago, nothing else. I don't get it how it happens after a year of being logged in to Dotabuff which almost all dota player uses it.
So there's no way to prevent or ensure that this doesnt happens again in the future right? I mean I seriously thought of re-buying all these cosmetic items back. But looking at how vulnerable a Steam account can be no matter how cautious you try to be, such things still can happen and I'm really disappointed.
I mean if it can happen once, it might happen again right. And worst thing is I dont think Valve/Steam Support is gonna give a damn about this other than telling me it's my own responsibility and I just gotta suck it up.
I get your point, not being sturbborn or anything but if you're quoting Dotabuff, highly unlikely as I have not logged in my Steam credentials on any other platforms for at least 1 year. As mentioned the last time was Dotabuff which was 1 year ago. This is why I feel so ridiculous as to how vulnerable can our account security is.
They care a lot about it. That's why items that leave an account are not restored or returned.
https://help.steampowered.com/en/faqs/view/3B6E-B322-2400-8D24
Also, people have tried to scam Valve with methods such as faking account hijacks in the past, in order to get duplicate items.
You logged in on an external site with your Steam login, that is always risky.
There is. Don't log in on 3rd party sites with your Steam login credentials. Bookmark the direct link to Steam in your browser and only use that one. Don't find websites through Google, type the link directly in your address bar. There are many things you can do to kee the account safe and to not let it happen again.
Steam has the one-click-login for 3rd party sites. If at any time you have to actually put in your credentials on a 3rd party site, back out and don't do it.
And that's the truth. it *is* your responsibility to practise account security. And that is more than just activating Steam guard and thinking it's some kind of magical shield.
Yea it is still possible even though I last logged in on that site 1 year ago, thats why I'm not being blinded by that. What I'm saying is despite being mostly cautious, fact is that in the cyber world such thing still can happen easily without you knowing.
If logging is on external sites possess such a big risk, I don't see why Steam is still allowing people to do this and exposing people to risks. It's just like a bank will never ask or let you key in your PIN number or anything related in other websites, there's nothing linked to that, which that's because security is their priority.
Yet over here these 3rd party websites enables users to look at their in-game stats, buy/trade/sell items and many more. If they are really so risky to do it, then it shouldn't allow these websites to be even have any form of link/relationship with our steam accounts.
Those many things that you mentioned to keep the account safe and not to let it happen again were all practiced on my end, except for that "3rd party site" which most Dota 2 players are using, even pro players.
And no, never have I ever trusted that Steam guard is a magical shield btw, those were my efforts to ensure my account's security.
I know I might sound really mad, which I do admit because it's so dissappointing to see such things happening and all you can do is just to be "more careful" in the future to prevent such things. Fact is if this happens again, people will just said then you have to be "more extra careful" becuase you didn't do enough the previous time.
My main point of posting this discussion here was to seek for any help regarding if Steam will be able to assist me with this incident, not to repeatedly tell me it is my responsibility when I have did whatever I can to my best of knowledge to keep my account safe, not just assuming Steam guard works like a magical shield.