Hacked without triggering Mobile Authenticator?
I come back from school to see emails that a bunch of Community Market purchases have been made. I'm in shock. I have 2-Factor as well as Mobile Authenticator for my accounts. My phone is with me and has no viruses (did a scan). I did scans on all my Trusted Devices, including for root kits, no bite.

I don't believe they logged onto my account as I received no emails nor did I receive any notifications/confirmations on the Mobile Authenticator. My theory is they may have accessed one of my devices remotely, but I'm not sure if that's what happened.

Atm my account is locked, I lost many of my cheap items (I cut the bot before it reached my high-tier items), and I reported the Throwaway Accounts that were buying my items (same people).

Is there anything else for me to do? What can I do to prevent something like this from ever happening again? I am beyond terrified of buying my items back just for them to be stolen in a few days by the same people.

(Passwords have been changed for everything, new backup codes, took off and put back the mobile authenticator)
Showing 1-15 of 23 comments
Bee🐝 Dec 5, 2022 @ 6:28pm 
There was no notification because they already had your Steam Guard code. 2FA isn’t magical, it can’t protect you from yourself; somewhere along the line you gave them access.

Two most common ways that accounts are hijacked: you either “voted” on someone’s team and logged into a dummy Steam login page, or you used a third party trade/gambling site.

Note, it does not matter when you used those sites, if you have EVER used ANY third-party site you placed your account at risk. Hijackings are delayed.

Remember to check and revoke any entry on your Steam API key page - your Steam API key should always be empty.
Last edited by Bee🐝; Dec 5, 2022 @ 6:31pm
How was the Steam Guard code acquired?
I never inputted my data on any website, besides Steam app.

How do I check my Steam API Key? I checked and it was blank.
I did more research and found I also had no login at the time it happened, only me.
No one logged into my account.
Bee🐝 Dec 5, 2022 @ 6:47pm 
Originally posted by Materick:
How was the Steam Guard code acquired?
I never inputted my data on any website, besides Steam app.

How do I check my Steam API Key? I checked and it was blank.
Revoke the API key https://steamcommunity.com/dev/apikey

Your code was acquired at the point where you entered your login details somewhere that wasn’t Steam - it was most likely a dummy page. Only you can know when that happened; it was most likely a site you trusted.

Steam wasn’t hacked, and no super hacker brute forced a randomly generated, extremely time sensitive, 5 digit code.
Last edited by Bee🐝; Dec 5, 2022 @ 6:47pm
Originally posted by Bee:
Originally posted by Materick:
How was the Steam Guard code acquired?
I never inputted my data on any website, besides Steam app.

How do I check my Steam API Key? I checked and it was blank.
Revoke the API key https://steamcommunity.com/dev/apikey

Your code was acquired at the point where you entered your login details somewhere that wasn’t Steam - it was most likely a dummy page. Only you can know when that happened; it was most likely a site you trusted.

Steam wasn’t hacked, and no super hacker brute forced a randomly generated, extremely time sensitive, 5 digit code.
Yep checked this and it was blank. Nothing there. I even made one and reset it.
So how did they get my Code if it resets every few seconds?
Callahan420 Dec 5, 2022 @ 7:38pm 
Once in the account they can generate backup codes and use those. They can also just leave the account open and not logout.

do all the steps

Scan for malware https://www.malwarebytes.com/
Deauthorize all other devices https://store.steampowered.com/twofactor/manage
Change passwords from a clean computer
Generate new backup codes https://store.steampowered.com/twofactor/manage
Revoke the API key https://steamcommunity.com/dev/apikey
Stop using shady third party trade sites or clicking suspicious links.
Last edited by Callahan420; Dec 5, 2022 @ 7:39pm
But how did they get IN the account? There was never a login. They never logged in. Never was a notif for mobile authenticator.

Originally posted by Callahan420:
Once in the account they can generate backup codes and use those. They can also just leave the account open and not logout.

do all the steps

Scan for malware https://www.malwarebytes.com/
Deauthorize all other devices https://store.steampowered.com/twofactor/manage
Change passwords from a clean computer
Generate new backup codes https://store.steampowered.com/twofactor/manage
Revoke the API key https://steamcommunity.com/dev/apikey
Stop using shady third party trade sites or clicking suspicious links.
crunchyfrog Dec 5, 2022 @ 8:01pm 
Originally posted by Materick:
But how did they get IN the account? There was never a login. They never logged in. Never was a notif for mobile authenticator.

Originally posted by Callahan420:
Once in the account they can generate backup codes and use those. They can also just leave the account open and not logout.

do all the steps

Scan for malware https://www.malwarebytes.com/
Deauthorize all other devices https://store.steampowered.com/twofactor/manage
Change passwords from a clean computer
Generate new backup codes https://store.steampowered.com/twofactor/manage
Revoke the API key https://steamcommunity.com/dev/apikey
Stop using shady third party trade sites or clicking suspicious links.
API code most likely as that's typically how it works.

When you go on dodgy skin sites or gambling websites, they typically either ask you to log into Steam (except you're actually giving them your login details). Or they're implanting malware that does the job for them.

And they get access and do the bad actions through the API key.

So once you've fixed it never ever trade outside steam and never ever log into any site outside of steam with your steam details.
Originally posted by Materick:
But how did they get IN the account? There was never a login. They never logged in. Never was a notif for mobile authenticator.
They get in while you think you get in. Phishing.

If your computer was running, remote access could also be possible. Or if it was not running, keylogging your details and codes, again, when you login, could have enabled them to use your account for "later".
Supafly Dec 6, 2022 @ 3:45am 
Would be hijacked not hacked.

If you didn't login on a phishing site, the usual reason, maybe someone got access to your phone?

Maybe Malware on your computer that gave them access and they just sold everything they could that was below the £ to require confirmation

Don't need to confirm sale/trade of low value items
As for someone buying stuff you don't need to confirm when you buy things either
Originally posted by Muppet among Puppets:
Originally posted by Materick:
But how did they get IN the account? There was never a login. They never logged in. Never was a notif for mobile authenticator.
They get in while you think you get in. Phishing.

If your computer was running, remote access could also be possible. Or if it was not running, keylogging your details and codes, again, when you login, could have enabled them to use your account for "later".
Hm, if it was phishing how can I prevent this from happening again? What prevents it? Changing password?
Originally posted by Materick:
Originally posted by Muppet among Puppets:
They get in while you think you get in. Phishing.

If your computer was running, remote access could also be possible. Or if it was not running, keylogging your details and codes, again, when you login, could have enabled them to use your account for "later".
Hm, if it was phishing how can I prevent this from happening again? What prevents it? Changing password?
The steps to secure your account mentioned above help to lock existing people on your account out.

The rule to prevent phishing in general:
Never log into links or buttons.
Supafly Dec 6, 2022 @ 4:36am 
Originally posted by Materick:
Originally posted by Muppet among Puppets:
They get in while you think you get in. Phishing.

If your computer was running, remote access could also be possible. Or if it was not running, keylogging your details and codes, again, when you login, could have enabled them to use your account for "later".
Hm, if it was phishing how can I prevent this from happening again? What prevents it? Changing password?
Phishing is when the user tries to login on a phishing website. The solution is to not login on dodgy phishing websites.
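
Added example, not part of any post in this thread: a strict hostname check that a "dummy Steam login page" fails even when its address looks right at a glance. The allowlist holds only the two Steam hosts linked in the thread; the function name, the reason strings and the `.example` sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Allowlist built only from the Steam links posted in this thread.
TRUSTED_HOSTS = {"steamcommunity.com", "store.steampowered.com"}


def classify_login_url(url: str) -> str:
    """Return 'trusted' or the reason the URL should not receive Steam credentials."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:
        return "unparseable"
    if parts.scheme != "https":
        return "not-https"
    if not host:
        return "no-host"
    # "https://steamcommunity.com@other.example/" really points at other.example.
    if parts.username is not None or parts.password is not None:
        return "userinfo-in-url"
    host = host.rstrip(".")
    # Internationalised names can render like ASCII letters they are not.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "idn-host"
    if host in TRUSTED_HOSTS:
        return "trusted"
    # A trusted name used as a prefix, suffix or label of some other domain.
    if any(t in host for t in TRUSTED_HOSTS):
        return "embeds-trusted-name"
    return "untrusted-host"


# Constructed sample URLs; the .example hosts are placeholders, not real sites.
SAMPLES = [
    "https://steamcommunity.com/dev/apikey",
    "https://store.steampowered.com/twofactor/manage",
    "https://steamcommunity.com.login.example/openid",
    "https://steamcommunity.com@login.example/",
    "http://steamcommunity.com/",
    "https://steamcornmunity.example/vote",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_login_url(sample):22} {sample}")
```

The check compares the parsed hostname for exact equality, so a page that only contains a trusted name somewhere in its address is still rejected.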
Originally posted by Supafly:
Originally posted by Materick:
Hm, if it was phishing how can I prevent this from happening again? What prevents it? Changing password?
Phishing is when the user tries to login on a phishing website. The solution is to not login on dodgy phishing websites.
I'm still getting malware alerts so I don't think it's phishing.

Date Posted: Dec 5, 2022 @ 6:08pm
Posts: 23