My steam account got hacked and I have two step
Two days ago, my steam (this one) got hacked. somehow. Straight up someone sold my skins on the market and spent 7.80c on a dota skin. NO one uses this account but me. I have two step. I checked my email for the login verification durring the time I was hacked and there was nothing. How is this possible. Is my computer compromised?

Something went wrong while displaying this content. Refresh

Error Reference: Community_9721151_
Loading CSS chunk 7561 failed.
(error: https://community.fastly.steamstatic.com/public/css/applications/community/communityawardsapp.css?contenthash=789dd1fbdb6c6b5c773d)
< 1 2 >
Showing 1-15 of 19 comments
some things to note:

this is a burner steam account. the email used is only made for this. I also changed my email to a new burner one and my password. But how tf did someone get by two step? what the ♥♥♥♥ is the point of it? seriously
Wolf Knight Apr 26, 2023 @ 4:57pm 
your account is compromised
DO NOT TRADE
If you have access to the account

Steps to take NOW to secure the account:
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)


Please review how you are logging into Steam, you somehow gave them your log in information. This could of been due to the computer being compromised and redirecting to a fake login, or you using a 3rd party site to login to steam.
Havok Apr 26, 2023 @ 4:57pm 
DO NOT TRADE

1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a trusted/clean computer.
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Odds are you were hijacked when you logged into a shady 3rd party application, and they could have been sitting on your account for a long time before they actually did anything.

The point of steam MFA, is that it is security for you, providing you dont give away your account information. Having a deadbolt on the door doesnt do anything for you if you give away the key...
Last edited by Havok; Apr 26, 2023 @ 5:00pm
the only websites ive logged onto with this account that were 3rd party, was cs money 4 times, ♥♥♥♥♥♥♥♥♥♥ 2 times. Like im pretty good with this ♥♥♥♥ usually (clearly not i got hacked) but im worried my computer is compromised.
cSg|mc-Hotsauce Apr 26, 2023 @ 5:05pm 
the only websites ive logged onto with this account that were 3rd party, was cs money 4 times, ♥♥♥♥♥♥♥♥♥♥ 2 times. Like im pretty good with this ♥♥♥♥ usually (clearly not i got hacked) but im worried my computer is compromised.

All those sites potentially have phishing login windows.

:qr:
Cathulhu Apr 26, 2023 @ 5:06pm 
And you using known scam websites had nothing to do with that? Do you really want to go with that?
ughh well thats tough, I changed my email to this account and my password I guess Ill revoke my API key too. Can i still use this account tho? everything is changed. I just wont use 3rd partry sites anymore
idk this is legit the first time ive ever been hacked and i used to use those sites alot
Havok Apr 26, 2023 @ 5:12pm 
ughh well thats tough, I changed my email to this account and my password I guess Ill revoke my API key too. Can i still use this account tho? everything is changed. I just wont use 3rd partry sites anymore

Following the steps will be your best bet.

Revoking the API and de-authorizing any sessions will remove them from the account, changing your password from a clean computer will secure your account. Generating new backup codes will secure your account after changing password and de-authorizing session. Scanning for malware is good practice incase there is something else.

You should not have an API key. Having one and not being a developer trying to utilize the steam API keys, means someone is on your account.

the only websites ive logged onto with this account that were 3rd party, was cs money 4 times, ♥♥♥♥♥♥♥♥♥♥ 2 times. Like im pretty good with this ♥♥♥♥ usually (clearly not i got hacked) but im worried my computer is compromised.

At least now you know how someone gained access to your account.
thanks havok, its just weird how its now and not before or something idk. I really find it strange how that happened, I cant believe I slipped up like that
J4MESOX4D Apr 26, 2023 @ 5:16pm 
idk this is legit the first time ive ever been hacked and i used to use those sites alot
You were probably phished for a long time and then only decided to strike later when the payoff was best and to disguise the origin of the phishing. Those are literally two of the biggest scam culprits going too.

You give away your credentials just once to a phishing window that sites like these operate, you will be instantly shadow-hijacked and wont realise until it's too late. This could happen the next day or a year down the line.
good on em for takin $14.40 cents from me. who knows maybe his family is starving
J4MESOX4D Apr 26, 2023 @ 5:25pm 
good on em for takin $14.40 cents from me. who knows maybe his family is starving
When they're rinsing 10,000 victims a day, that money can be significant and they don't even have to do a thing.
Bee🐝 Apr 26, 2023 @ 5:26pm 
thanks havok, its just weird how its now and not before or something idk. I really find it strange how that happened, I cant believe I slipped up like that
If they stole your account the second you logged in everything would point to them, so they wait to waylay suspicion. You've most likely been shadow hijacked for months.

Remember they aren't in a rush - they have loads of accounts to get through, yours is just a number on a list.
I dont understand how it possible fore them to wait for months when i have steam guard tho isnt that the entire point? to always be able to verify who it is?
< 1 2 >
Showing 1-15 of 19 comments
Per page: 1530 50

Date Posted: Apr 26, 2023 @ 4:52pm
Posts: 19