so the questions is.. i m am safe? if not so what can i do to be more safe?

For starters don't login from 3rd party sites period, there lots of scam sites that do anything to make fake login pages that collect login info, and with QR that give them access without needing to know your login info.

Pro tip if you want to use Steam one click online method via 3rd party, go to steam itself directly, that means manual go to steam first, login to steam, then go back to 3rd party site, and use their login method of if it asked you a name & password then you know it's a scam site, as you're already login on Steam, and all it has to do is show you one button to click, no text field to enter info, no QR either, simple login.


Do these 5 steps to ensure no one on your account.
1. Scan for malware https://www.malwarebytes.com/

2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage

3. Change passwords from a clean computer.

4. Generate new backup codes.
https://store.steampowered.com/twofactor/manage

5. Revoke all API keys, there should be none.
https://steamcommunity.com/dev/apikey

Here tips, and examples to help you give an ideal of types of scams, and phishing attacks that happens online daily that people can fall for, as some are very good tricks.

Originally posted by Dr.Shadowds 🐉:

Here are the most common reason people get accounts hijack for any service really are as followed.
- Sharing account infomation with others. <--- Very common with impersonators, pretending to be Steam admin / support.
- Logging in on phishing sites. <--- Very common with skin gambling sites.
- Downloading / Installing Virus / Keylogger on your system.
- Using public devices that has keyloggers, such as cyber cafe, school computers, and etc...
- Storing your login credentials on a unsecured service that others has access to view.
- Using same login credentials for all your things, or using same login credentials on another service that had a data leak. Yes it does matter because even if it not related to Steam, if using same login credentials, hijackers will try to use those credentials to see what services you use with those credentials. https://haveibeenpwned.com/

YouTube™ Video: What is Phishing? 

Views: 487,937

Phishing scams are a growing threat on the Internet. By being aware of the scam, — you can feel confident in working with companies online. http://www.getcybersafe.gc.ca/index-eng.aspx

The type of story scammers say to you.

- "Hey vote for my team", and they link you a phishing site link, and try get you to login.

- "Hey I can't add you, please add me", and they try to start their scam with you.

- If you're friend with someone that got their account hijacked, you get scam message like, "I report you", "you been banned", and whatever to try scare you, and they tell you to trade your items to them, or if you have a login to phishing site may have a API key on account that redirect trades, they ask you to give them money, or etc...

- If you already got your account compromise by them, they change your display name to banned, or whatever, your display picture as well, they may delete your friends, and try to spend your wallet funds if you have any, also trade all your items, but if they see if you have mobile authenticator attached, they play their scam to get you to confirm the trade to get your items off your account to their account quicker if they're able to trick you into confirming the trade.


I show you few examples.
https://steamcommunity.com/sharedfiles/filedetails/?id=2329645315
https://steamcommunity.com/sharedfiles/filedetails/?id=2570975058

YouTube™ Video: Steam scam to be aware of (fake steam staff message) 

Views: 18,048

maybe new videos coming soon also.. or livestreams

YouTube™ Video: API-SCAM! What is it? How to PREVENT it and KEEP your CS:GO SKINS SAVE? 

Views: 37,951

So recently the API-Scam is getting more common and people still do not know about this. It is very easy to lose a lot of CS:GO Skins through it just because nobody knows it and phising and hacking...

YouTube™ Video: The "I accidentally reported you" to a Steam Admin SCAM 

Views: 61,980

Don't fall for this fake "Steam Admin" scam! Leave a like if you enjoyed the video! 👍 ✦ CHECK OUT MY WEBSITE ✦ Get balance & discounts on multiple sites Link: https://jordanr.net ✦...

YouTube™ Video: NEW STEAM VOTING SCAM! (I WAS SOLD ON THE DARKWEB!?!?!?!?) 

Views: 2,329

subscribe or ill manifest cancer in your firstborn Twitch: https://www.twitch.tv/nixnrl Twitter: https://twitter.com/home report his steam account: https://steamcommunity.com/id/XPEOF/

https://steamcommunity.com/discussions/forum/1/4956744526904317093/#c4956744526904653890

Originally posted by Dr.Shadowds 🐉:

For starters don't login from 3rd party sites period, there lots of scam sites that do anything to make fake login pages that collect login info, and with QR that give them access without needing to know your login info.

I edit this in a minute.

i think that maybe they didn t got acces to it beacuse when you scan a steam log in qr you need to confirm the log in on the steam mobile app but i actually didn t pressed that, so logically i haven t fully loggined in but the question still remains that hey maybe did something to me if i only scanned and not pressed to log in?

Originally posted by faza lunga peek hanky:

Originally posted by Dr.Shadowds 🐉:

For starters don't login from 3rd party sites period, there lots of scam sites that do anything to make fake login pages that collect login info, and with QR that give them access without needing to know your login info.

I edit this in a minute.

i think that maybe they didn t got acces to it beacuse when you scan a steam log in qr you need to confirm the log in on the steam mobile app but i actually didn t pressed that, so logically i haven t fully loggined in but the question still remains that hey maybe did something to me if i only scanned and not pressed to log in?

Oh, then you're fine, as long you did approve that login, nor enter login details then there no way for them to had gain access.

Please note if you had at any point did login via 3rd party, scammer bot accounts can sit on your account for weeks without you noticing, so keep in mind, it better to login from steam itself before visiting 3rd party site to using their login method.

One last thing, if you have API key remove them as scammers uses that method to redirect your trades.

Originally posted by Dr.Shadowds 🐉:

Originally posted by faza lunga peek hanky:

i think that maybe they didn t got acces to it beacuse when you scan a steam log in qr you need to confirm the log in on the steam mobile app but i actually didn t pressed that, so logically i haven t fully loggined in but the question still remains that hey maybe did something to me if i only scanned and not pressed to log in?

Oh, then you're fine, as long you did approve that login, nor enter login details then there no way for them to had gain access.

Please note if you had at any point did login via 3rd party, scammer not accounts can sit on your account for weeks without you noticing, so keep in mind, it better to login from steam itself before visiting 3rd party site to using their login method.

One last thing, if you have API key remove them as scammers uses that method to redirect your trades.

oh, nice but a single question i have.. i am actually logined in a trusted and popular 3rd party site for cs go cases(i m not giving the name but it is a well known one) and i'm wondering if the site can get just hacked then all our info will be taken? it actually is a posible scenario so is good to know

Originally posted by faza lunga peek hanky:

oh, nice but a single question i have.. i am actually logined in a trusted and popular 3rd party site for cs go cases(i m not giving the name but it is a well known one) and i'm wondering if the site can get just hacked then all our info will be taken? it actually is a posible scenario so is good to know

Yes it possible those 3rd party site could get hacked, it wouldn't be the first, or excuses they claim site got hacked, but it's best to not put trust into them.

If you had used Steam password, or using same password, I suggest changing password on all things that using same password just for peace of mind, this way even if one password was leaked they wouldn't know what it is for other services you use such as your email, and such.

My advice always do the method I suggested this way it's fool proof so they wouldn't be able to collect your info, or login token.

Never login to links or buttons. At all.

Originally posted by faza lunga peek hanky:

i am actually logined in a trusted and popular 3rd party site for cs go cases(i m not giving the name but it is a well known one) and i'm wondering if the site can get just hacked then all our info will be taken? it actually is a posible scenario so is good to know

All skin trading/gambling sites are scam sites. Quit using them or risk losing your items and even worse if they cause a vac/game ban on the account.

Originally posted by jh:

hello, yes i scanned a qr code of a 3rd site that was supposed to can withdraw some steam items and im not totaly sure if i logined in succesufuly because when i realised i closed it while that loading circle was still there, whatever ,then imediately reseted my password and unauthorized all devices(then i checked some minutes later an saw no sketchy log in). i think (if) my details had ben stolen im still safe because i changed my pass instantly but im not sure, *ps i have steam mobile autentificator, sms and even backup keys*

Same thing happened to me on skin monkey (not sure if it was the real one), scanned the qr code and then got a text asking to disable my authenticator. didn’t do it because it scared me, but I’m still scared my account might be compromised anyone have suggestions?

Originally posted by Barry2Baked:

Originally posted by jh:

hello, yes i scanned a qr code of a 3rd site that was supposed to can withdraw some steam items and im not totaly sure if i logined in succesufuly because when i realised i closed it while that loading circle was still there, whatever ,then imediately reseted my password and unauthorized all devices(then i checked some minutes later an saw no sketchy log in). i think (if) my details had ben stolen im still safe because i changed my pass instantly but im not sure, *ps i have steam mobile autentificator, sms and even backup keys*

Same thing happened to me on skin monkey (not sure if it was the real one), scanned the qr code and then got a text asking to disable my authenticator. didn’t do it because it scared me, but I’m still scared my account might be compromised anyone have suggestions?

Read the 5 steps from reply #2.

Originally posted by rawWwRrr:

Originally posted by Barry2Baked:

Same thing happened to me on skin monkey (not sure if it was the real one), scanned the qr code and then got a text asking to disable my authenticator. didn’t do it because it scared me, but I’m still scared my account might be compromised anyone have suggestions?

Read the 5 steps from reply #2.

I’ve done 2 and 5 already should I really change my password if it was a QR code that I scanned?

Originally posted by Barry2Baked:

Originally posted by rawWwRrr:

Read the 5 steps from reply #2.

I’ve done 2 and 5 already should I really change my password if it was a QR code that I scanned?

Read the 5 steps from reply #2.

Originally posted by Barry2Baked:

Originally posted by jh:

hello, yes i scanned a qr code of a 3rd site that was supposed to can withdraw some steam items and im not totaly sure if i logined in succesufuly because when i realised i closed it while that loading circle was still there, whatever ,then imediately reseted my password and unauthorized all devices(then i checked some minutes later an saw no sketchy log in). i think (if) my details had ben stolen im still safe because i changed my pass instantly but im not sure, *ps i have steam mobile autentificator, sms and even backup keys*

Same thing happened to me on skin monkey (not sure if it was the real one), scanned the qr code and then got a text asking to disable my authenticator. didn’t do it because it scared me, but I’m still scared my account might be compromised anyone have suggestions?

You do know it shows you google map, and IP address when you scan QR code on the steam app, you know this right, or just smash buttons without looking? Asking because making you aware of this as it been there since day one.

Also don't scan QR code on ANY 3rd party site, only do it for Steam app no where else, there no reason to be scanning QR code from from 3rd party sites ever as there ENDLESS amount of scam sites online.

Btw follow ALL steps to ensure account safe that the point, and goal of the steps.

If you insist on using third party sites do it the safe way

1. Open Web browser
2. Login on Steams Official page
3. Visit Third party site
4. Look for and use the one click login button and you should get automatically logged in
5. If 4 doesn't work and you're asked for you username, password and Guard code or anything else your on a phishing site. LEAVE and DO NOT use again

Originally posted by Supafly:

If you insist on using third party sites do it the safe way

1. Open Web browser
2. Login on Steams Official page
3. Visit Third party site
4. Look for and use the one click login button and you should get automatically logged in
5. If 4 doesn't work and you're asked for you username, password and Guard code or anything else your on a phishing site. LEAVE and DO NOT use again

^this.

It should look like this.
https://steamcommunity.com/sharedfiles/filedetails/?id=2338543075