some things to note:

this is a burner steam account. the email used is only made for this. I also changed my email to a new burner one and my password. But how tf did someone get by two step? what the ♥♥♥♥ is the point of it? seriously

your account is compromised
DO NOT TRADE
If you have access to the account

Steps to take NOW to secure the account:
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)


Please review how you are logging into Steam, you somehow gave them your log in information. This could of been due to the computer being compromised and redirecting to a fake login, or you using a 3rd party site to login to steam.

DO NOT TRADE

1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a trusted/clean computer.
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Odds are you were hijacked when you logged into a shady 3rd party application, and they could have been sitting on your account for a long time before they actually did anything.

The point of steam MFA, is that it is security for you, providing you dont give away your account information. Having a deadbolt on the door doesnt do anything for you if you give away the key...

the only websites ive logged onto with this account that were 3rd party, was cs money 4 times, ♥♥♥♥♥♥♥♥♥♥ 2 times. Like im pretty good with this ♥♥♥♥ usually (clearly not i got hacked) but im worried my computer is compromised.

Originally posted by GO LEAFS GO ♥♥♥♥ YOU TAMPA:

the only websites ive logged onto with this account that were 3rd party, was cs money 4 times, ♥♥♥♥♥♥♥♥♥♥ 2 times. Like im pretty good with this ♥♥♥♥ usually (clearly not i got hacked) but im worried my computer is compromised.

All those sites potentially have phishing login windows.

And you using known scam websites had nothing to do with that? Do you really want to go with that?

ughh well thats tough, I changed my email to this account and my password I guess Ill revoke my API key too. Can i still use this account tho? everything is changed. I just wont use 3rd partry sites anymore

idk this is legit the first time ive ever been hacked and i used to use those sites alot

Originally posted by GO LEAFS GO ♥♥♥♥ YOU TAMPA:

ughh well thats tough, I changed my email to this account and my password I guess Ill revoke my API key too. Can i still use this account tho? everything is changed. I just wont use 3rd partry sites anymore

Following the steps will be your best bet.

Revoking the API and de-authorizing any sessions will remove them from the account, changing your password from a clean computer will secure your account. Generating new backup codes will secure your account after changing password and de-authorizing session. Scanning for malware is good practice incase there is something else.

You should not have an API key. Having one and not being a developer trying to utilize the steam API keys, means someone is on your account.

Originally posted by GO LEAFS GO ♥♥♥♥ YOU TAMPA:

the only websites ive logged onto with this account that were 3rd party, was cs money 4 times, ♥♥♥♥♥♥♥♥♥♥ 2 times. Like im pretty good with this ♥♥♥♥ usually (clearly not i got hacked) but im worried my computer is compromised.

At least now you know how someone gained access to your account.

thanks havok, its just weird how its now and not before or something idk. I really find it strange how that happened, I cant believe I slipped up like that

Originally posted by GO LEAFS GO ♥♥♥♥ YOU TAMPA:

idk this is legit the first time ive ever been hacked and i used to use those sites alot

You were probably phished for a long time and then only decided to strike later when the payoff was best and to disguise the origin of the phishing. Those are literally two of the biggest scam culprits going too.

You give away your credentials just once to a phishing window that sites like these operate, you will be instantly shadow-hijacked and wont realise until it's too late. This could happen the next day or a year down the line.

good on em for takin $14.40 cents from me. who knows maybe his family is starving

Originally posted by GO LEAFS GO ♥♥♥♥ YOU TAMPA:

good on em for takin $14.40 cents from me. who knows maybe his family is starving

When they're rinsing 10,000 victims a day, that money can be significant and they don't even have to do a thing.

Originally posted by GO LEAFS GO ♥♥♥♥ YOU TAMPA:

thanks havok, its just weird how its now and not before or something idk. I really find it strange how that happened, I cant believe I slipped up like that

If they stole your account the second you logged in everything would point to them, so they wait to waylay suspicion. You've most likely been shadow hijacked for months.

Remember they aren't in a rush - they have loads of accounts to get through, yours is just a number on a list.

I dont understand how it possible fore them to wait for months when i have steam guard tho isnt that the entire point? to always be able to verify who it is?