This topic has been locked
zal May 3, 2022 @ 1:18pm
How can a scammer gain access to my Steam mobile authenticator? My Steam account was hijacked.
Recently my Steam account got hijacked. I got my account back in about 6 hours by contacting Steam support.

Right now I am just trying to understand how it happened. One or two weeks before my account got hijacked I connected my Steam account to a 3rd party site (yes I know I am dumb, I have learned my lesson). The scammer that owns this site had access to my username and password. How did he get access to the Steam mobile authenticator code to log in to my account?

The day that my account got hijacked, I received an SMS from Steam with a code to change the device of my Steam mobile authenticator. A few minutes later, I received an email that said that my mobile authenticator device was changed. How did the scammer get access to my SMS? Can a scammer change the device of the Steam mobile authenticator without the Steam mobile authenticator recovery code (the code that you get when you set up mobile authenticator), without being logged in to my account and without access to my SMS?

Also, my account got hijacked a few days after I installed the Steam mobile authenticator (I used to use my email as 2FA). Never had any problem with the email 2FA.

My first hypothesis is that the scammer is the owner of the third party site. He had access to my username and my password but still needed to get my Steam mobile authenticator. He contacted Steam support and pretended that he owned my account and that he lost access to the Steam mobile authenticator. Steam support agreed to change the Steam mobile authenticator device (even though the scammer didn't have the recovery code) and sent an SMS to my phone number with the code to change the Steam mobile authenticator. The question that remains is: How the f*** did the scammer get access to that code in my SMS on my phone???

My second hypothesis is that it has nothing to do with the third party site. Maybe my phone is infected by a Steam account scammer. He waited like 8 months (I got this phone 8 months ago on eBay) until I installed the Steam mobile authenticator. The thing is that I literally have everything on my phone. All my usernames and passwords of all my social media, all my email addresses, my bank account, my PayPal and my credit card are saved on it. Why would a scammer only be interested in my Steam account when he can have access to something like a credit card?

Hopefully one of you can enlighten me on this situation.
Last edited by zal; May 3, 2022 @ 1:34pm
my new friend May 3, 2022 @ 1:26pm 
Giving away your account information to those scam sites in your name history is a good way to get hijacked.
Originally posted by běi fēng xiāo:
My first theory is that the scammer is the owner of the third party site. He had access to my username and my password but still needed to get my Steam mobile authenticator. He contacted Steam support and pretended that he owned my account and that he lost access to the Steam mobile authenticator. Steam support agreed to change the Steam mobile authenticator device (even though the scammer didn't have the recovery code) and sent an SMS to my phone number with the code to change the Steam mobile authenticator. The question that remains is: How the f*** did the scammer get access to that code in my SMS on my phone???
That's not correct at all. Support will not give access to an account just like that. It requires proof of ownership to do that.
Last edited by my new friend; May 3, 2022 @ 1:27pm
zal May 3, 2022 @ 1:48pm 
Originally posted by my new friend:
Giving away your account information to those scam sites in your name history is a good way to get hijacked.
Originally posted by běi fēng xiāo:
My first theory is that the scammer is the owner of the third party site. He had access to my username and my password but still needed to get my Steam mobile authenticator. He contacted Steam support and pretended that he owned my account and that he lost access to the Steam mobile authenticator. Steam support agreed to change the Steam mobile authenticator device (even though the scammer didn't have the recovery code) and sent an SMS to my phone number with the code to change the Steam mobile authenticator. The question that remains is: How the f*** did the scammer get access to that code in my SMS on my phone???
That's not correct at all. Support will not give access to an account just like that. It requires proof of ownership to do that.

I received an SMS from Steam at 18:12 that said: "The code to disable or move your Steam Authenticator is : 48*** ". Maybe it wasn't from Steam Support but it is from Steam. I know it is from Steam because I also received an email at 18:12 from Steam that said: "An SMS code has been sent to your phone to remove or replace the Steam Guard Mobile Authenticator on your account." At 18:13 I received an email from Steam that said: "You are now getting Steam Guard Mobile Authenticator codes on a new device." The question is how did the scammer get access to the SMS with the code to change the device of my Steam mobile authenticator?
my new friend May 3, 2022 @ 1:50pm 
Originally posted by běi fēng xiāo:
I received an SMS from Steam at 18:12 that said: "The code to disable or move your Steam Authenticator is : 48*** ". Maybe it wasn't from Steam Support but it is from Steam. I know it is from Steam because I also received an email at 18:12 from Steam that said: "An SMS code has been sent to your phone to remove or replace the Steam Guard Mobile Authenticator on your account." At 18:13 I received an email from Steam that said: "You are now getting Steam Guard Mobile Authenticator codes on a new device." The question is how did the scammer get access to the SMS with the code to change the device of my Steam mobile authenticator?
Again,
Originally posted by my new friend:
Giving away your account information to those scam sites in your name history is a good way to get hijacked.
zal May 3, 2022 @ 2:00pm 
I know that was stupid of me. I still want to understand how the scammer managed to get access to my SMS and changed my Steam mobile authenticator device. If you can't help me with that it is okay. Have a nice day.
Last edited by zal; May 3, 2022 @ 2:01pm
my new friend May 3, 2022 @ 2:02pm 
Originally posted by běi fēng xiāo:
I know that was stupid of me. I still want to understand how the scammer managed to get access to my SMS and changed my Steam mobile authenticator device.
Because you gave away your account login information and also your Steam Guard code.
zal May 3, 2022 @ 2:08pm 
Originally posted by my new friend:
Originally posted by běi fēng xiāo:
I know that was stupid of me. I still want to understand how the scammer managed to get access to my SMS and changed my Steam mobile authenticator device.
Because you gave away your account login information and also your Steam Guard code.

Can you provide more details? I didn't give my Steam Guard code. Also, the Steam mobile authenticator code changes every 10 seconds.
The author of this thread has indicated that this post answers the original topic.
my new friend May 3, 2022 @ 2:14pm 
You don't need more than one thread about this or to delete/repost multiple threads.
You can have fun reading into some of the ways this can happen.
https://www.reddit.com/r/GlobalOffensiveTrade/comments/a5t6kc/psa_huge_csgo_youtuber_fell_for_the_fake_site/
https://forums.steamrep.com/pages/hijacking/
zal May 3, 2022 @ 2:54pm 
Originally posted by my new friend:
You don't need more than one thread about this or to delete/repost multiple threads.
You can have fun reading into some of the ways this can happen.
https://www.reddit.com/r/GlobalOffensiveTrade/comments/a5t6kc/psa_huge_csgo_youtuber_fell_for_the_fake_site/
https://forums.steamrep.com/pages/hijacking/

Thank you so much.
The Brown Hornet May 3, 2022 @ 4:38pm 
Many who have accounts hacked or scammed usually do so by signing into third party sites, so why do people keep signing into third party sites?
2FA does not protect you while you use the details.

Maybe the hijacker got 2 codes from you, and with that logged in and also created backup codes. With those it's like having your 2FA device.
Josabooba May 3, 2022 @ 5:14pm 
The steam GUARD mobile app is not what you think it is - people think "hey only I have access to my mobile, so any attempt to circumvent it will alert me" - it doesn't, HACKERS CAN GET AROUND IT.

And only people who witness the steam GUARD mobile app failure realise it's a crock of s***. I suspect the devs know it's got vulnerabilities too which are taken advantage of. Read the ToS on it - it's complete BS.

Everyone else will tell you it's your fault, until it happens to them - which they smugly "know" it never will.

About a year ago, I must have registered nearly 5,000 or so logins from my home location, then one from "Mazowieckie" pops up - thanks for alerting me steam, how did they bypass my mobile guard app which your ToS says protects me.

Keep in mind, Steam generates income from fraudulent trades the same as it does legit ones.

Edit: google "Steam Recent Login History". Some of you might get a shock!!
Last edited by Josabooba; May 3, 2022 @ 5:32pm
Morty Aug 20, 2024 @ 7:18pm 
The same thing happened to me. None of the answers explain how they get access to SMS codes and email
Originally posted by Morty:
The same thing happened to me. None of the answers explain how they get access to SMS codes and email
Phishing pages collect what you insert there
Wren Aug 20, 2024 @ 11:27pm 
This thread was quite old before the recent post, so we're locking it to prevent confusion.

Date Posted: May 3, 2022 @ 1:18pm
Posts: 14