All Discussions > Steam Forums > Help and Tips > Topic Details

This topic has been locked

TRIGGER ??? Oct 26, 2021 @ 5:19am

my account got hack auto sell item on dota2

anyone help me please
my account got hack even though my account got 2 factor authourize
when the hacker hack my account my steam on phone didnt receive any messenge
but my gmail still have notification about selling items

Something went wrong while displaying this content. Refresh

Error Reference: Community_9734361_

Loading CSS chunk 7561 failed.
(error: https://community.fastly.steamstatic.com/public/css/applications/community/communityawardsapp.css?contenthash=789dd1fbdb6c6b5c773d)

Showing 1-11 of 11 comments

FROYO Rando Blueberry King Jesus Oct 26, 2021 @ 5:27am

You used mobile authentication yes?

DC-GS Oct 26, 2021 @ 5:40am

Yeah, "hacking".

Most likely you visited some random website (skins, voting) and gave them the Steamguard code.

Do a full recovery.

Zekiran Oct 26, 2021 @ 5:47am

How to recover your account

How To Recover Your Account

A Guide for Steam

By: 🜂∴🜏 Cassie

This is a step-by-step guide on how to navigate the Steam Support Help page to recover an account that you no longer have access to.

Your account is compromised.

Scan for malware. https://www.malwarebytes.com/

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key https://steamcommunity.com/dev/apikey
** If there is nothing in the API key area, that’s fine. If there IS something, remove it. Nothing should be there.**

No items that have been traded away during this time will be returned to you.

Change your Email’s password on your computer for safety

Also report any account that is suspect as scammer, and STOP visiting 3rd party trade sites!!

Supafly Oct 26, 2021 @ 6:59am

Originally posted by cocomelon:
my account got hack even though my account got 2 factor authourize

No it got hijacked. Hacking requires exploiting weaknesses in code where as hijacking involves exploiting weaknesses of a user. You gave you details to a dodgy phishing website. Including your Steam guard code making your 2FA useless. 2FA is just another key. When you give that key away to strangers those strangers have access.

Follow Zekiran steps in post #3 and stop using dodgy sites

If you insist on using third party sites do it the safe way

1. Open Web browser
2. Login on Steams Official page
3. Visit Third party site
4. Look for and use the one click login button
5. If 4 doesn't work and you're asked for you username, password and Guard code your on a phishing site. LEAVE and DO NOT use again

Can also use sites like scamadviser.com to check how trustworthy a site is before using it. Works for any site not just Steam related. Use it whenever entering login credentials or banking data

TRIGGER ??? Oct 27, 2021 @ 1:28am

i dont visit any third party website at all
this account was suppose to stored my items only and for no other purposed
and i dont give anyone any information of this account and this still happened ?

Zekiran Oct 27, 2021 @ 1:30am

And yet, if your items were sold or traded without YOU authorizing those things:

You DID in fact post your login info somewhere it should not have been. That's the only way this ever happens. It might have been something about "voting for your friend" or "please add me I can't seem to add you" - and phishing sites often look just like Steam.

Either way, DO THE THINGS I posted. That's the only way to make sure that your account is secure.

The Giving One Oct 27, 2021 @ 3:00am

Originally posted by cocomelon:
i dont visit any third party website at all
this account was suppose to stored my items only and for no other purposed
and i dont give anyone any information of this account and this still happened ?

In some cases, the user logged into a phishing page that looked closely like the one they intended to log into, so it's possible you did it by mistake.

Point is, the account was compromised somehow. Hopefully, you have done all the steps posted above by now, but if you saw anything in the domain name field when using this link :

Originally posted by Zekiran:
Revoke the api key https://steamcommunity.com/dev/apikey
** If there is nothing in the API key area, that’s fine. If there IS something, remove it. Nothing should be there.**

Then that even more confirms what you describe in the OP.

paksheytbiytch Nov 29, 2022 @ 11:14am

any chance to recover the items? it happened to me too

м Nov 29, 2022 @ 11:53am

Originally posted by Hyperion:
any chance to recover the items? it happened to me too

No, items are gone forever.

Bee🐝 Nov 29, 2022 @ 11:56am

Originally posted by Hyperion:
any chance to recover the items? it happened to me too

You MUST also take the following steps to secure your account:

1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey - This field should be blank

Do NOT trade until your account is secured.

Steam does not return inventory items or wallet funds: https://support.steampowered.com/kb_article.php?ref=3415-WAFH-6433#noreturn

#10