Originally posted by Crazy Tiger:

Phishing is the most likely cause, OP. When people get phished, they give out the account name, password and then active guard code. A bot quickly enters it and hijackers have access then. Ultimately 2FA is "just another code" that can be given away when getting phished. It's not a magical defense layer.

Have you secured your account? If not:
- Scan for malware. https://www.malwarebytes.com/
- Deauthorize all devices https://store.steampowered.com/twofactor/manage
- Change your password on a secure device.
- Generate new back up codes. https://store.steampowered.com/twofactor/manage
- Revoke the api key https://steamcommunity.com/dev/apikey

Find out how you leaked your credentials. Phishing and malware are the two ways it happens, phishing is the most likely one. Either way, find out how you leaked your credentials.

Items are gone, they do not get returned nor will you get money back for them. The item restoration policy: https://support.steampowered.com/kb_article.php?ref=9958-MJDG-3003

Not all items require confirmation. https://steamcommunity.com/groups/community_market/announcements/detail/1705067494681435160

Originally posted by Crazy Tiger:

Phishing is the usual vector. People often get compromised months before the hijackers take action, so looking into the recent logins doesn't show that.

Relevant info:

Originally posted by Crazy Tiger:

Phishing is the most likely cause, OP. When people get phished, they give out the account name, password and then active guard code. A bot quickly enters it and hijackers have access then. Ultimately 2FA is "just another code" that can be given away when getting phished. It's not a magical defense layer.

Have you secured your account? If not:
- Scan for malware. https://www.malwarebytes.com/
- Deauthorize all devices https://store.steampowered.com/twofactor/manage
- Change your password on a secure device.
- Generate new back up codes. https://store.steampowered.com/twofactor/manage
- Revoke the api key https://steamcommunity.com/dev/apikey

Find out how you leaked your credentials. Phishing and malware are the two ways it happens, phishing is the most likely one. Either way, find out how you leaked your credentials.

Items are gone, they do not get returned nor will you get money back for them. The item restoration policy: https://support.steampowered.com/kb_article.php?ref=9958-MJDG-3003

Not all items require confirmation. https://steamcommunity.com/groups/community_market/announcements/detail/1705067494681435160

Originally posted by JackstrerII:

the same thing happened to me, but I kicked him out fast, before he could lock me out, sadly he was able to steal 300 dollars worth of items, and all the items are still in his account
and will still be there until the tenth they even did the same trick by reporting themselves with my account.

They were able to Phis me by using my friend's account that got compromised, somehow compromising my Steam authenticator, never even saw it coming.

they cite that the main reason they don't retrieve items is that they get traded and can't be retrieved after that so they make new copies. I don't really get why they blocked all forms of item recovery as I can still see all my items in his inventory.

Originally posted by iMpactFuze:

Originally posted by JackstrerII:

the same thing happened to me, but I kicked him out fast, before he could lock me out, sadly he was able to steal 300 dollars worth of items, and all the items are still in his account
and will still be there until the tenth they even did the same trick by reporting themselves with my account.

They were able to Phis me by using my friend's account that got compromised, somehow compromising my Steam authenticator, never even saw it coming.

they cite that the main reason they don't retrieve items is that they get traded and can't be retrieved after that so they make new copies. I don't really get why they blocked all forms of item recovery as I can still see all my items in his inventory.

I can make peace with the fact I won't get my items again. But I'd atleast like for the account to get trade banned so that my items are useless to him. Steam support are unwilling to even investigate that.

Originally posted by iMpactFuze:

Originally posted by JackstrerII:

the same thing happened to me, but I kicked him out fast, before he could lock me out, sadly he was able to steal 300 dollars worth of items, and all the items are still in his account
and will still be there until the tenth they even did the same trick by reporting themselves with my account.

They were able to Phis me by using my friend's account that got compromised, somehow compromising my Steam authenticator, never even saw it coming.

they cite that the main reason they don't retrieve items is that they get traded and can't be retrieved after that so they make new copies. I don't really get why they blocked all forms of item recovery as I can still see all my items in his inventory.

I can make peace with the fact I won't get my items again. But I'd atleast like for the account to get trade banned so that my items are useless to him. Steam support are unwilling to even investigate that.

Originally posted by Chompman:

Originally posted by iMpactFuze:

I can make peace with the fact I won't get my items again. But I'd atleast like for the account to get trade banned so that my items are useless to him. Steam support are unwilling to even investigate that.

The problem is trade banning random accounts like that doesn't work as steam does not know if they broke the rules just because your account was compromised and often times they get traded away multiple times so steam is not going to do that for every account.

Originally posted by nullable:

Everyone really tries to be safe, but lots of people unknowingly compromise their accounts. The problem is since they did it unknowingly when the compromise becomes visible, it's pretty easy for lots of people to assume "I didn't cause this, it must be a flaw in the security".

And while it's not impossible, if there was a flaw that let an attacker loot your account through no fault of your own, well, your account would hardly be the only one. And the attackers would be looting as many accounts as they could as fast as possible because the second that flaw becomes known it'll get patched and the opportunity would be lost. As a result thousands, maybe millions of users would be affected and it would be front page gaming news everywhere.

So is that happening? Is a Steam security exploit the front page on gaming news sites? Or is it maybe plausible that, like lots of other users, you possibly could have made a mistake somewhere that compromised your account?

Originally posted by omeX:

My account was hijacked like 16 hours ago. The hijacker managed to pass 2FA. Manage to make only 1 trade with all my cases and items (about ~300 deal worth in total). Trying steam support help, but I don't expect anything. Truly don't know how this happened, currently using AVG Ultimate edition (no malware found), I didn't give anyone me backup codes etc. Here is the steam, please if you can report him. Also if you check his inventory you will find all my items, even my awp with my girlfriend name on it :/.

Originally posted by iMpactFuze:

I just haven't ever put in my steam credentials anywhere except the desktop steam software. The time when I contacted steam support was likely the first time I used steam credentials on a browser in over a decade.