All Discussions > Steam Forums > Help and Tips > Topic Details
This topic has been locked
Fearagen Feb 23, 2023 @ 2:45pm
My account was apparently hijacked by a giftcard scammer.
So, I am just minding my own business when I get a message from my friend saying "i think your account is being hacked" and of course when I see "sup, gift steam (Random)$ balance for you, just claim it" being sent 2 times with an obvious fake link by my own account to my friend. (They spelled steamcommunity wrong for their fake url) I immediately changed my password and checked if steam guard is enabled, and it has been enabled since my account's creation in 2014. I wonder how they didn't trip the steam guard code as all my other accounts are fine and virus scans came up clean on my computer, was there a data breach recently? I even checked my browsing history surrounding the dates of when the 2 messages were sent but nothing sketchy on those days in particular. Nothing downloaded, nothing visited, as I am careful on the internet and never type my login credentials anywhere but steam themselves. I even run a ad blocker. I am kind on edge and am now putting off doing tons of grinding on Destiny 2 just to keep a close eye on everything. I would appreciate if anybody could let me know how this happened and what further steps I should consider. I might contact steam to let them know that steam guard may of potentially broke for some accounts.
< >
Showing 1-15 of 20 comments
cSg|mc-Hotsauce Feb 23, 2023 @ 2:49pm 
All steps...

Scan for malware. https://www.malwarebytes.com/

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key (should be empty)
https://steamcommunity.com/dev/apikey

:qr:
#1
Fearagen Feb 23, 2023 @ 2:57pm 
Originally posted by cSg|mc-Hotsauce:
All steps...

Scan for malware. https://www.malwarebytes.com/

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key (should be empty)
https://steamcommunity.com/dev/apikey

:qr:
Already been through those and the api key thing is empty, just says "Register for a new Steam Web API Key" and obviously if that is a point of entry no way I am registering for an api key and I don't even run a website. I think I am good to go though, changing my password logged me out of everything to begin with as I had to relog into the steam app on my phone. And I did a scan with Windows Defender + Malwarebytes.
#2
Muppet among Puppets Feb 23, 2023 @ 3:13pm 
Have you ever logged into something that looked like steam, but was not your client?
Think back, until you remember.
For example "log in with", or someone told you to login. Anything apart your client.
#3
Fearagen Feb 23, 2023 @ 3:18pm 
Originally posted by Muppet among Puppets:
Have you ever logged into something that looked like steam, but was not your client?
Think back, until you remember.
For example "log in with", or someone told you to login. Anything apart your client.
Like I said I went into edge's browser history and searched by date range and I didn't see any strange links. I do not trade so I have not fallen for some weird trade scam, there is apparantly an API scam but like I said it says to register a new one without specifying a pre-existing one and unless I ran a website, I see no reason to have that. And no one has sent me a suspicious URL in fact I only am friends with 1 person on steam and they are a family member that has never sent me any links apart from maybe YouTube videos, I even copied those and checked but they are legit YouTube links, no redirects.
#4
Joke Feb 23, 2023 @ 3:42pm 
Note that a hijacker could have entered your account weeks, or even months ago, and then just kept himself logged in until he decided to do something.

So even if you checked your browser history and found nothing for those particular dates, it may have happened long before.

You might find something if you check your login history on Steam, looking for a login that's out of place (location that differs from your usual location).

Change password for your email in any case, as if that is compromised then they can get in that way regardless of steam guard.
Last edited by Joke; Feb 23, 2023 @ 3:43pm
#5
Fearagen Feb 23, 2023 @ 3:48pm 
Originally posted by Joke:
Note that a hijacker could have entered your account weeks, or even months ago, and then just kept himself logged in until he decided to do something.

So even if you checked your browser history and found nothing for those particular dates, it may have happened long before.

You might find something if you check your login history on Steam, looking for a login that's out of place (location that differs from your usual location).

Change password for your email in any case, as if that is compromised then they can get in that way regardless of steam guard.
I have changed every single one of my passwords on all of my accounts, basically did an emergency lock down type deal. And I checked login history and there was a login from russia when the first gift card message was sent, of course I have never been to Russia myself like I brought my phone on a vacation and it connected to Russia's cell towers telling steam my accounts there. Never been outside the US. There are other states but of course that is my mobile data plan when I am out the house. Thankfully no one was in my gmail, I checked the security page and no device/different ip addresses. But just in-case I did change that password along with all my others. And before your comment I scrolled all the way down my browsers history page, and I really checked thoroughly and nothing in sight.
Last edited by Fearagen; Feb 23, 2023 @ 3:52pm
#6
Fearagen Feb 23, 2023 @ 4:09pm 
Here is a screenshot of the chat window in-case anybody is interested or wants to do some research.
https://imgur.com/a/WkfNYGm
Monday this started but of course I was sent no codes/steam doesn't make a sound when you send a message, so I was oblivious, they didn't do anything to my account though thank the heavens, profile page is intact, my guides, screenshots, you name it. Kind of got lucky if you think about it.
#7
Muppet among Puppets Feb 24, 2023 @ 12:46am 
If you didnt leak the details, a device you used, did.

People who use phishing links are not the people who dont need to phish
#8
b0UNC3' Feb 24, 2023 @ 3:39am 
Same happened to me on wednesday also a login from russia, just a csgo skin scam instead of gift card, still trying to find out how. Also got my steam guard enabled and steam set to send the codes only through steam guard.
#9
Fearagen Feb 24, 2023 @ 4:33am 
Originally posted by Muppet among Puppets:
If you didnt leak the details, a device you used, did.

People who use phishing links are not the people who dont need to phish
I mean, I ran the Malwarebytes scan, even a Windows Defender scan after checking for Windows updates to update the definitions. And the only other devices are a single iPhone and all I ever do on that is watch videos about 99% of that phones life besides calls/texting. And all I ever used this steam account for is gaming, no trading or anything, I basically didn't have to fall for anything/or lift my finger, I suspect some old database leak as my password stayed the same since 2014 up until now when I was breached. I checked "haveibeenpwned" for my email but it just says something for emuparadise but I don't use the same password across sites. I really wish I could say I fell for something, but I really didn't, which makes this scarier.
#10
Fearagen Feb 24, 2023 @ 4:35am 
Originally posted by b0UNC3':
Same happened to me on wednesday also a login from russia, just a csgo skin scam instead of gift card, still trying to find out how. Also got my steam guard enabled and steam set to send the codes only through steam guard.
At least someone else is in the same boat, Still sketched out and have been camping on https://help.steampowered.com/en/accountdata/SteamLoginHistory in fact I have it pinned in my bookmarks, checking it once a morning and once before I hit the bed.

If you do figure what exactly may have caused it reply here. But if it is related to trading my incident is still unknown, obviously I fixed the problem by resetting my password and my account is safe again but still would like to know what may have caused this. Been doing research but it mostly comes up dry, similar but not exact.
Last edited by Fearagen; Feb 24, 2023 @ 4:50am
#11
b0UNC3' Feb 24, 2023 @ 4:51am 
Originally posted by Fearagen:
Originally posted by b0UNC3':
Same happened to me on wednesday also a login from russia, just a csgo skin scam instead of gift card, still trying to find out how. Also got my steam guard enabled and steam set to send the codes only through steam guard.
At least someone else is in the same boat, Still sketched out and have been camping on https://help.steampowered.com/en/accountdata/SteamLoginHistory in fact I have it pinned in my bookmarks, checking it once a morning and once before I hit the bed.

If you do figure what exactly may have caused it reply here. But if it is related to trading my incident is still unknown, obviously I fixed the problem by resetting my password and my account is safe again but still would like to know what may have caused this. Been doing research but it mostly comes up dry, similar but not exact.
Will do, i also dont trade.
#12
Muppet among Puppets Feb 24, 2023 @ 4:54am 
Originally posted by Fearagen:
Originally posted by Muppet among Puppets:
If you didnt leak the details, a device you used, did.

People who use phishing links are not the people who dont need to phish
I mean, I ran the Malwarebytes scan, even a Windows Defender scan after checking for Windows updates to update the definitions. And the only other devices are a single iPhone and all I ever do on that is watch videos about 99% of that phones life besides calls/texting. And all I ever used this steam account for is gaming, no trading or anything, I basically didn't have to fall for anything/or lift my finger, I suspect some old database leak as my password stayed the same since 2014 up until now when I was breached. I checked "haveibeenpwned" for my email but it just says something for emuparadise but I don't use the same password across sites. I really wish I could say I fell for something, but I really didn't, which makes this scarier.
That are the few scenarios where 2 factor can help.
So when steam gets hacked, or a database leaks somwhere, that is WHEN 2fa is usefull.

It just is very unlikely that it was nothing on your side (the side where all 3 login details come together), but instead something so major that not only 3 separate details got put together from databases on protected servers, the encrypted salted hash parts would have to be decrypted, brute forced, and then they open your profile...... ?
To send phishing links?

Really, that does not make any sense.
#13
One-Per-Cent Feb 24, 2023 @ 9:35pm 
Just did a search on Steam for your username and there are two accounts with your name and the same profile pic. Are these both you, or is someone spoofing your account?
#14
Fearagen Feb 24, 2023 @ 9:48pm 
Originally posted by Loxosceles Australis:
Just did a search on Steam for your username and there are two accounts with your name and the same profile pic. Are these both you, or is someone spoofing your account?
https://steamcommunity.com/id/FearagenOfficial is just me URL snatching to prevent "FearagenOfficial" from being taken for impersonation as I run a channel. I don't see two though, just mine and my impersonation prevention account.
https://imgur.com/a/2tR0lC4
And the 3 other people were most likely fans of a guy that had this name for his omegle pranking channel that got taken down in like 2015. You can do a search on YouTube of "Fearagen" to see. My channel is of horror game let's plays. And also, have had no further breaches, account seems to be at least 99% secure which is great. Still keeping an eye on the account data page and also keeping an eye on all of my other accounts like my gmail and whatever else.
Last edited by Fearagen; Feb 24, 2023 @ 9:49pm
#15
< >
Showing 1-15 of 20 comments
Per page: 1530 50

All Discussions > Steam Forums > Help and Tips > Topic Details
Date Posted: Feb 23, 2023 @ 2:45pm
Posts: 20
Start a New Discussion

Discussions Rules and Guidelines