Dota 2 Items Stolen/Sold on Steam Market [Someone please help...]

Összes téma > Steam fórumok > Help and Tips > Téma részletei

Ez a téma zárolásra került

z1pper 2021. okt. 22., 14:22

Dota 2 Items Stolen/Sold on Steam Market [Someone please help...]

This is the first time I encountered such cyber incident, I am always very careful with my passwords on any online stuffs I used, including emails and any other stuffs on the internet.

To keep it short, someone has went into my Steam account and sold total of 54 items on the Steam Market using my account. The entire 54 items were all sold at ridiculously low price (ranging $0.50 to $1.28), which many of those items are actually worth way more on the market.

Eventually, the last transaction was the hacker/hijacker used all the credits that were accumulated by selling those items to buy a worthless Axe's head cosmetic for $50.18 on the market. In this case, it can be assumed that the seller of the $50.18 axe head cosmetic is the hijacker/hacker as he did this to bascially transfer all the steam credits to his account.

I had immediately proceeded to changed my Steam password, deauthorize all devices and I still have control of my account so I assumed it is safe meanwhile.

But the question here is, is there anything Valve/Steam can do to assist me with this? Do I have to just suck it up and count myself unlucky despite already having my account 100% secured?

It is clearly obvious that the hijacker/hacker intentionally sell my items at a super low priced to avoid detection, cos usually when you attempt to sell an item that's worth more than a certain amount on the market, it will requires Steam Guard confirmation your mobile, the 2FA security.

I understand many people would say that it is my responsibility on this and I must have somehow compromised my account in someways. I can confidently say that I have not given my Steam ID/password to anyone else, I have my Steam Guard 2FA mobile authentication on all the time and I have never clicked on any weird or sussy links that could compromised my PC or any other information, neither have I logged in my Steam account on any other PCs other than my current personal PC that only I uses it. The only time I have logged in my Steam ID on other sites is Dotabuff, nothing else.

I have done 101% effort and responsibility to always ensure to not fall into victim of cyber theft/scam as I know how scary the internet can be these days. But despite all the efforts, this actually happened infront of my eyes, what do I do moving on?

< >

16–29/29 megjegyzés mutatása

The Giving One 2021. okt. 22., 17:13

z1pper eredeti hozzászólása:
Yet over here these 3rd party websites enables users to look at their in-game stats, buy/trade/sell items and many more. If they are really so risky to do it, then it shouldn't allow these websites to be even have any form of link/relationship with our steam accounts.

I will provide a counter argument to this :

If it is already so easy to do all those things safely on Steam, then why do people need to go to those other sites to do it ?

Steam already provides all the tools necessary to do those things, and to do them safely, and they provide support pages that clearly explain what you need to watch out for.

So why go there and not just stay on Steam ?

#16

z1pper 2021. okt. 22., 17:30

The Giving One eredeti hozzászólása:
z1pper eredeti hozzászólása:
Yet over here these 3rd party websites enables users to look at their in-game stats, buy/trade/sell items and many more. If they are really so risky to do it, then it shouldn't allow these websites to be even have any form of link/relationship with our steam accounts.
I will provide a counter argument to this :

If it is already so easy to do all those things safely on Steam, then why do people need to go to those other sites to do it ?

Steam already provides all the tools necessary to do those things, and to do them safely, and they provide support pages that clearly explain what you need to watch out for.

So why go there and not just stay on Steam ?

That is not true, at least for Dota 2. A lot of in game statistics and in-depth info can only be found on Dotabuff with detailed breakdown of certain information, especially if you play it on a high level. We would hope that these info are available in the game, but it isn't. These are platforms that pro players, even Valve themselves got their in game statistics from whenever there's tournaments like TI 10, those in-game predictions/bracket prediction results were actually drew out from there.

Fact here is that by having these 3rd party sites, there's business opportunities, it's obvious.

And like what I explained, if it post such a huge risk, then don't even allow it in the first place. Just like my example, you won't see bank allowing themselves to associate with any external sites, there would by right be 0 chances of you entering your bank credentials on a external site, only possibility is a fake phising site of the bank that will make u fall victim into it.

Also to add on, if Steam has everything, then might as well just dont enable the function of having them. You get what I mean, why would I go to another website to check my bank account balance if I could check if from the bank itself.

Legutóbb szerkesztette: z1pper; 2021. okt. 22., 17:32

#17

The Giving One 2021. okt. 22., 17:35

Sounds like a suggestion on improving the in game reporting for stats might be a good idea, then, so people would be more likely to stay on Steam to do it, if what you said is true.

https://steamcommunity.com/discussions/forum/10/

https://steamcommunity.com/discussions/forum/0/

It's been discussed many times, as well as alternatives, in those forums so feel free to use the forum search there if you wish, and if there is an already existing topic that is not too old and still open, feel free to state your ideas, if you wish.

If you have any other questions about this topic here, feel free to ask them, and we can try to provide the relevant information.

But we can't do anything here about Valve's policy, as I am sure you understand.

Steam Support did once restore lost items as a one time only good will gesture, but the account has to meet specific criteria, and that was a one and only one time thing.

And one of the criteria was the account must have ONLY been hijacked once, or they would not do it.

That went away pretty soon after 2FA became a thing. They no longer restore or return lost items. They posted a news article once, and in that they said that they see about 77,000 accounts hijacked and pillaged each month.

https://store.steampowered.com/oldnews/19618

The API compromise was the new way hijackers and scammers would try around this, but that still requires the user to fail at keeping their info secure, because otherwise, they can't get around the mobile authenticator, as that is the second factor in 2FA.

I think you should understand more on how the API works, if you want to discuss why Valve can't prevent people from compromising their own API key.

https://steamcommunity.com/dev

#18

z1pper 2021. okt. 22., 17:42

The Giving One eredeti hozzászólása:
Sounds like a suggestion on improving the in game reporting for stats might be a good idea, then, so people would be more likely to stay on Steam to do it, if what you said is true.

https://steamcommunity.com/discussions/forum/10/

https://steamcommunity.com/discussions/forum/0/

It's been discussed many times, as well as alternatives, in those forums so feel free to use the forum search there if you wish, and if there is an already existing topic that is not too old and still open, feel free to state your ideas, if you wish.

If you have any other questions about this topic here, feel free to ask them, and we can try to provide the relevant information.

But we can't do anything here about Valve's policy, as I am sure you understand.

Steam Support did once restore lost items as a one time only good will gesture, but the account has to meet specific criteria, and that was a one and only one time thing.

And one of the criteria was the account must have ONLY been hijacked once, or they would not do it.

That went away pretty soon after 2FA became a thing. They no longer restore or return lost items. They posted a news article once, and in that they said that they see about 77,000 accounts hijacked and pillaged each month.

https://store.steampowered.com/oldnews/19618

The API compromise was the new way hijackers and scammers would try around this, but that still requires the user to fail at keeping their info secure, because otherwise, they can't get around the mobile authenticator, as that is the second factor in 2FA.

I think you should understand more on how the API works, if you want to discuss why Valve can't prevent people from compromising their own API key.

https://steamcommunity.com/dev

This is a really helpful response, was kinda what I was looking for.

Speaking about the one time good will gesture of restoring lost items, I'm just wondering after the 2FA was implemented, by any chance if you're aware that anyone has had their items restored on a exception basis?

I do kinda understand Valve's stand for not wanting to restore lost/stolen items, one of them is to prevent people abusing it to kind of duplicate items or take advantage of them in benefit of doubt. And yes, I have very little knowledge about how API works to be honest.

#19

The Giving One 2021. okt. 22., 17:48

z1pper eredeti hozzászólása:
This is a really helpful response, was kinda what I was looking for.

Speaking about the one time good will gesture of restoring lost items, I'm just wondering after the 2FA was implemented, by any chance if you're aware that anyone has had their items restored on a exception basis?

I do kinda understand Valve's stand for not wanting to restore lost/stolen items, one of them is to prevent people abusing it to kind of duplicate items or take advantage of them in benefit of doubt. And yes, I have very little knowledge about how API works to be honest.

I am very happy to know you found that helpful.

No, I am very sorry, as I have never heard of them making an exception to the restoration policy. As I am sure you understand, if they did it once, it would go viral and everyone would want it done in their case also.

I would like to commend you, for what it is worth, on your honesty here. We often have to pry out the information in threads like this, but you gave a good detailed OP above, and you replied honestly as to your use of the other website.

That's pretty honorable of you, and again, for what it is worth.

If hope that answered everything. Feel free to ask anything that we maybe can help with.

#20

𝕲𝖎𝖆𝖓𝖓𝖔 2023. jan. 14., 4:49

Did you ever found out anything that might help? The exact same thing happened to me yesterday. Any possible solutions?

#21

Crazy Tiger 2023. jan. 14., 4:54

Gianno eredeti hozzászólása:
Did you ever found out anything that might help? The exact same thing happened to me yesterday. Any possible solutions?

The solution is to do the steps in post #2 and to find out where you got phished or downloaded malware (getting phished is most likely of the 2).

#22

Wei Shen 2023. jan. 14., 19:12

@z1pper, i experienced this before, unfortunately steam/valve support wont help, change your password and make ur profile private, i have mobile authenticator but idk why most of my precouos items was sold to marketplace and it was sold for a very low price, and the money i got the hacker purchased it for DR weapon more than 100x

#23

𝕲𝖎𝖆𝖓𝖓𝖔 2023. jan. 19., 4:17

Makaveli- eredeti hozzászólása:
@z1pper, i experienced this before, unfortunately steam/valve support wont help, change your password and make ur profile private, i have mobile authenticator but idk why most of my precouos items was sold to marketplace and it was sold for a very low price, and the money i got the hacker purchased it for DR weapon more than 100x

Yeah same ♥♥♥♥. It's fcking unacceptable that steam won't help with that thing when it has already happened to more and more people and they know the situation.

#24

J4MESOX4D 2023. jan. 19., 4:55

Gianno eredeti hozzászólása:
Makaveli- eredeti hozzászólása:
@z1pper, i experienced this before, unfortunately steam/valve support wont help, change your password and make ur profile private, i have mobile authenticator but idk why most of my precouos items was sold to marketplace and it was sold for a very low price, and the money i got the hacker purchased it for DR weapon more than 100x

Yeah same ♥♥♥♥. It's fcking unacceptable that steam won't help with that thing when it has already happened to more and more people and they know the situation.

Everyone in this situation allowed their account to become compromised and then further confirmed a contaminated trade. Why should Steam care?

That's like giving away your front door key to a burglar and then moaning that the insurance wont pay out when you get robbed.

#25

Teksura 2023. jan. 19., 12:48

Gianno eredeti hozzászólása:
Makaveli- eredeti hozzászólása:
@z1pper, i experienced this before, unfortunately steam/valve support wont help, change your password and make ur profile private, i have mobile authenticator but idk why most of my precouos items was sold to marketplace and it was sold for a very low price, and the money i got the hacker purchased it for DR weapon more than 100x

Yeah same ♥♥♥♥. It's fcking unacceptable that steam won't help with that thing when it has already happened to more and more people and they know the situation.

Valve has helped with the situation. They have provided users with enough tools to ensure that all but the most careless never lose their accounts. Since the introduction of the mobile Authenticator, account hijacking has dropped dramatically. With that said, they will never be able to reduce it to zero because of the single weakest link in account security: The end user.

Nothing they can do will prevent a foolish user who ignores basic account security and common sense from just giving away their account information to shady websites which promise them one thing or another. Think of it like your house. the lock on your front door keeps thieves out, but if a thief walks up to you and asks for the keys to your front door, the lock does nothing if you happily hand the keys over to the guy in a ski mask.

At this point, there isn't a whole lot more they can do for you.

Legutóbb szerkesztette: Teksura; 2023. jan. 20., 0:41

#26

Wei Shen 2023. jan. 19., 22:37

bro i have mobile authenticator but why it bypass it? normally u have to check the item u want to sell to the market but it bypassed it? multiple items being sold, that's why i made my acct private and change passwords on email and on steam since if cases like this happened valve/steam wont help. they will say not our fault which is bad on the user side since we don't have any means of getting those items back, users will be forced to buy the items again, spend more money or maybe this is just a scheme to make u spend more. sad but true.

#27

76561198407601200 2023. jan. 20., 0:24

Makaveli- eredeti hozzászólása:
users will be forced to buy the items again, spend more money or maybe this is just a scheme to make u spend more. sad but true.

There is something I've noticed with this and other posts regarding vac bans. In the case of Vac bans there are those who come here to give their statement about they didn't cheat and want the ban lifted, they just purchased skins , they don't have the account (despite that not being the case), etc. They then for some reason state they will have to purchase those skins again on a new account.

The reason I bring this up is because you are also state there is a scheme to cause you to purchase those items again. In both the vac example and your post, if the person has truly felt they were being slighted in these scenarios, then why pray tell are they willing to spend more money on a platform they feel is going to do the same thing to them again?

If my account somehow became breached due to Valve's negligence and there were issues that arise from that, I certainly would not put another dime into their store nor will I accept any further payments which my business would be taken elsewhere.

#28