If you knew you were hijacked for two weeks, why the hell didn't you secure your account immediately? You could've kicked out the scammers in a couple of clicks instead of them sitting on your account.

Do the following steps in order and without fail:-

Scan for malware. https://www.malwarebytes.com/

Deauthorize all Devices https://store.steampowered.com/twofactor/manage

Change your Password on a secure device

Generate new Back Up Codes https://store.steampowered.com/twofactor/manage

Revoke the api key https://steamcommunity.com/dev/apikey (this should be empty)

Originally posted by ♦️ Louzanₛₚ:

I wonder how that was happening without the use of my steam guard or any confirmations?

API hijacking. The steps to clean it up are already listed in the first posting. Follow them all.
An API code allows you or anyone who has access to it to remotely control your account, receiving and sending data. This can be useful for website displays and automatic protocols, but also has high misuse potential.
The thing, that happened to you, has been going on for circa 5-6 years now, and we get threads like yours multiple times a day. The market scheme is a newer one, before that, the main strategy was to scare users into trading all their inventory away.

The good news is, Steam has mechanics to detect massively overpriced trades and usually blocks the other party right away. They won't get to enjoy their gains. Report the account anyway.

Important for the future: Do not enter your Steam login into any other website than the main page of Steam. If you are logged in there in your browser, you can confirm your account without entering any data on other legitimate websites. If a page still asks for your name and password, it is a trap like this one.

No, I didn't know I was hijacked, obviously, yeterday I looked up all my login history and I saw all these Russians locations there since two weeks ago, but I only noticed yesterday.

Yes, I did all that already (except the api, didn't think of that), but thanks anyway, is good advice.

Originally posted by ♦️ Louzanₛₚ:

No, I didn't know I was hijacked, obviously, yeterday I looked up all my login history and I saw all these Russians locations there since two weeks ago, but I only noticed yesterday.

Yes, I did all that already (except the api, didn't think of that), but thanks anyway, is good advice.

Ah fair enough. Make sure you report this incident and the recipients to Support but any money lost this way is not returned sadly.

Originally posted by J4MESOX4D:

Originally posted by ♦️ Louzanₛₚ:

No, I didn't know I was hijacked, obviously, yeterday I looked up all my login history and I saw all these Russians locations there since two weeks ago, but I only noticed yesterday.

Yes, I did all that already (except the api, didn't think of that), but thanks anyway, is good advice.

Ah fair enough. Make sure you report this incident and the recipients to Support but any money lost this way is not returned sadly.

They don't even return the fees they kept for the transaction, is like supporting the rober, I'm going to consult to a consumer protection agent, in Europe we always can cancel a purchase, no matter what, you can sign a 2 year contract with some phone company or insurance or whatever, with big penalties for early cancelling, but the first 30 days you can always decline.

Originally posted by ♦️ Louzanₛₚ:

They don't even return the fees they kept for the transaction, is like supporting the rober, I'm going to consult to a consumer protection agent, in Europe we always can cancel a purchase, no matter what, you can sign a 2 year contract with some phone company or insurance or whatever, with big penalties for early cancelling, but the first 30 days you can always decline.

I think, the issue with Steam, that protects them legally from taking actions against theft, is that you don't own anything in your account. The game licenses, the inventory and the wallet money are all property of Valve, and you are merely allowed to use them.

Originally posted by ♦️ Louzanₛₚ:

Originally posted by J4MESOX4D:

Ah fair enough. Make sure you report this incident and the recipients to Support but any money lost this way is not returned sadly.

They don't even return the fees they kept for the transaction, is like supporting the rober, I'm going to consult to a consumer protection agent, in Europe we always can cancel a purchase, no matter what, you can sign a 2 year contract with some phone company or insurance or whatever, with big penalties for early cancelling, but the first 30 days you can always decline.

Users are responsible for the security of the account and all that happens on it.

Originally posted by Callahan420:

Originally posted by ♦️ Louzanₛₚ:

They don't even return the fees they kept for the transaction, is like supporting the rober, I'm going to consult to a consumer protection agent, in Europe we always can cancel a purchase, no matter what, you can sign a 2 year contract with some phone company or insurance or whatever, with big penalties for early cancelling, but the first 30 days you can always decline.

Users are responsible for the security of the account and all that happens on it.

That is not true, Steam have their own security systems that I can't have access or modify, so I can't be responsible of that. Is like telling me, you are responsible of locking your house, if someone enters and rob you because you didn't lock the door, we can't do anything about it and the thief is legally allowed to keep your stuff.

its your fault if you give away you information on a pishing site

Originally posted by ♦️ Louzanₛₚ:

Originally posted by Callahan420:

Users are responsible for the security of the account and all that happens on it.

That is not true, Steam have their own security systems that I can't have access or modify, so I can't be responsible of that. Is like telling me, you are responsible of locking your house, if someone enters and rob you because you didn't lock the door, we can't do anything about it and the thief is legally allowed to keep your stuff.

It is true. Steam's security is fine and the only way to have an account compromised is if the user gives away their credentials including a live auth code to a phishing site or installs tailored malware on their device.

If you give away your house keys to a thief, the insurance will NOT pay out a single penny where there is no evidence of forced entry. Incompetence is not compensated.

Originally posted by ♦️ Louzanₛₚ:

Originally posted by Callahan420:

Users are responsible for the security of the account and all that happens on it.

That is not true, Steam have their own security systems that I can't have access or modify, so I can't be responsible of that. Is like telling me, you are responsible of locking your house, if someone enters and rob you because you didn't lock the door, we can't do anything about it and the thief is legally allowed to keep your stuff.

The only way to get a Steam account compromised is either via phishing or malware. Either way, it takes active participation of the accountholder. When getting phished, you give away login name, password and then active guard code on the phishing site, which a bot quickly inputs to gain access to the account.

To use your example, you gave the keys and alarm code to the thiefs. And no, Steam can't do anything about that.

Valve changed their item restoration policy because too many people abused it. People claimed they got "hacked" when they had sellers remorse. People also didn't actually care about account security, because Valve restored items anywa. So Valve changed it, because people showed it was necessary.
You can thank your fellow human beings that the policy is as it is now.

Originally posted by J4MESOX4D:

Originally posted by ♦️ Louzanₛₚ:

That is not true, Steam have their own security systems that I can't have access or modify, so I can't be responsible of that. Is like telling me, you are responsible of locking your house, if someone enters and rob you because you didn't lock the door, we can't do anything about it and the thief is legally allowed to keep your stuff.

It is true. Steam's security is fine and the only way to have an account compromised is if the user gives away their credentials including a live auth code to a phishing site or installs tailored malware on their device.

If you give away your house keys to a thief, the insurance will NOT pay out a single penny where there is no evidence of forced entry. Incompetence is not compensated.

I understand about the insurance, but the thief will be prosecuted by the law, which Steam is not doing anything about this anyway.

Plus I didn't give my keys to anyone, I was tricked, so it wasn't a voluntary action.

Originally posted by Crazy Tiger:

Originally posted by ♦️ Louzanₛₚ:

Valve changed their item restoration policy because too many people abused it. People claimed they got "hacked" when they had sellers remorse. People also didn't actually care about account security, because Valve restored items anywa. So Valve changed it, because people showed it was necessary.
You can thank your fellow human beings that the policy is as it is now.

I understand that, but you can see all the suspicous log-ins from Russia, country I never step in my life, and you can see the log ins jumping in between Germany and Russia every day, which is impossible and one of the most reasonable explanations is that someone has access to my account from Russia while I'm in Germany. And just few minutes before the transaction you can see another login from Russia and then I just buy and item way above market value? You think that looks like one of those false claims?

I totally understand about the fake claims, but just look at my case, I provided with evidence about what I said, they can also see those fishy log-in and how they were sending spam and deleting players from my friend's list, they don't need my screen captures. And yes, you have many fake claims but you just stop looking into anything? Is just showing how lazy they are, or should the police stop policing because there are many fake calls?

Originally posted by ♦️ Louzanₛₚ:

Originally posted by J4MESOX4D:

It is true. Steam's security is fine and the only way to have an account compromised is if the user gives away their credentials including a live auth code to a phishing site or installs tailored malware on their device.

If you give away your house keys to a thief, the insurance will NOT pay out a single penny where there is no evidence of forced entry. Incompetence is not compensated.

I understand about the insurance, but the thief will be prosecuted by the law, which Steam is not doing anything about this anyway.

Plus I didn't give my keys to anyone, I was tricked, so it wasn't a voluntary action.

Steam's responsibility extends to recovering the account for the victim and that's it. Not all thieves are ever captured or convicted either. Even if you were 'tricked' you still gave away your entire credential set which allowed scammers to shadow-hijack your account. If you came out of this only losing wallet credit then you've got off lightly and it's a good lesson going forward.

Originally posted by J4MESOX4D:

it's a good lesson going forward.

For sure, I should have known better, I'm not a graduate in computer science, but I know my stuff, but the phising came from a friend I trust and that moment didn't occur to me that it wasn't him.

Thanks for answering man, I appreciate it.