Unsure if my Account is Compromised

All Discussions > Steam Forums > Help and Tips > Topic Details

Mums Nov 1, 2023 @ 6:49am

I downloaded a virus a few weeks ago and various accounts of been hacked, including my steam. They somehow got around steam guard (linked to my email) and maybe got around my emails 2 step verification that sends a text to my phone, although if they did they have left no evidence and even managed to block Google notifications to my phone about another device logging in. I've done this steps for my steam account:

1. Scan for malware. Use your own antivirus program or use https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage
4. Change passwords from a clean computer.
5. Generate new backup codes for your Mobile App. https://store.steampowered.com/twofactor/manage
6. Revoke the API key (there should be no key). https://steamcommunity.com/dev/apikey

I've scanned for malware multiple times with 3 programs and found nothing since initially removing the virus. I changed passwords, including my steam one several times, etc. All the hackers did was buy an overpriced dota 2 item with my steam wallet funds on the 30th of October. They didn't change the details on my account. I watched a video about someone else who was hacked and had things bought with their wallet funds and went through the above steps. In the comments, they are replying to people months later and they still have their account; they just don't use Steam Wallet anymore. However, my friend is saying that my account details have probably been stolen and it will be a matter of time before it's sold and someone takes control of it from me.

As stated above, I've changed the password multiple times, so they would need to have a very hard-to-detect antivirus (I've read that up-to-date anti-virus catch about 99.something% of viruses) to be keylogging or something so that they can save my new password and sell the account later on. That doesn't seem likely to me. The original virus was from another computer and was removed from there. Nothing's on this computer. On one hand, they seem skilled. By the time my steam account was hacked I was on this computer, the one that never had the virus. Yet they got past steam guard, sending an email to my gmail. So they must have gotten into my Gmail, getting past its authentication of sending a message to my phone and requiring a code for a new device to log in. To then get the code and log into my steam account to then buy the dota 2 item. But then suddenly they get stupid and forget that if something is bought on my steam account I get an email about it, an email they didn't notice despite seemingly have access to my gmail at the time and an email they never delete. Maybe a hacker got into the accounts and sold the details, then left it at that. But what's taking them so long to sell my steam account and the accounts of others on that video who seem to have gone through similar?

Do you think my steam account is compromised and will be taken from me at some unknown time in the future even though I can still log into it and have went through steps 1 to 6 above? Or did something very rare and weird happen?

< >

Showing 1-9 of 9 comments

Lilim Nov 1, 2023 @ 7:04am

Originally posted by Mums:
I downloaded a virus a few weeks ago and various accounts of been hacked, including my steam.

You didn't mention that in your previous thread.

Weird Hack Maybe?

Mums Nov 1, 2023 @ 7:23am

Originally posted by Lilim:
Originally posted by Mums:
I downloaded a virus a few weeks ago and various accounts of been hacked, including my steam.

You didn't mention that in your previous thread.

Weird Hack Maybe?

Yes, I didn't think about it back then since it was on another computer and the issues only started to happen on this one. It must have ran something to get passwords, etc. I don't know if not mentioning things in the last thread seems suspicious and I'm sorry if it does. All this stuff has been stressful to be honest, and I've never been hacked before. I'm getting a new computer soon and I'm going to start again when it comes to accounts. With the other accounts I don't lose anything, but I do with steam if I make a new account. If I buy new games on this existing account, I may just be throwing money away if it's compromised and hasn't been sold off by the hacker yet. I realize there probably is no answer, but I'm hoping there is.

Last edited by Mums; Nov 1, 2023 @ 7:31am

Eidolon Nov 1, 2023 @ 7:36am

As long as you followed all the steps, you should be fine. If they sold your old info then someone who would buy it wouldn't be able to get in with that since you updated it now. If you're still worried maybe you can also change the account email to a fresh one that you know was never compromised? Otherwise, I think you should be fine now. As long as your computer itself is also not compromised. If you want to be absolutely sure you would have to format your computer's drive.

Lilim Nov 1, 2023 @ 7:45am

Originally posted by Mums:
I'm getting a new computer soon and I'm going to start again when it comes to accounts. With the other accounts I don't lose anything, but I do with steam if I make a new account. If I buy new games on this existing account, I may just be throwing money away if it's compromised and hasn't been sold off by the hacker yet. I realize there probably is no answer, but I'm hoping there is.

If you are getting a new computer anyway, do this:

Originally posted by Eidolon:
If you want to be absolutely sure you would have to format your computer's drive.

...and do the steps to secure your account again.

You might also want to create a new email account. Write down your old email address as it is important for account recovery (you don't need to have access to it).

Yujah Nov 1, 2023 @ 7:47am

Reading your description I'd say you're "mostly safe".

Specifically it would appear that after the mentioned points 1-6 the only "stolen account details" that could still matter would be a detailed account history with which someone could attempt to "recover" a supposedly forgotten password.

Steam support would (generally, I don't know details) ask for an initial email address on the account along with e.g. details of a purchase. Latter can have been obtained but if former is not the current address I don't believe it can. Believe, mind you; I don't know what's available through an API key.

Even if e.g. the email address has never changed at all, i.e., if they know it, they'd still need to manually try through Steam support and I'd imagine this would not be common at least.

Lilim Nov 1, 2023 @ 7:52am

Originally posted by Yujah:
Steam support would (generally, I don't know details) ask for an initial email address on the account along with e.g. details of a purchase. Latter can have been obtained but if former is not the current address I don't believe it can. Believe, mind you; I don't know what's available through an API key.

Even if e.g. the email address has never changed at all, i.e., if they know it, they'd still need to manually try through Steam support and I'd imagine this would not be common at least.

Support may ask for the first email address (that's why I said to write it down). However, the first email alone is not sufficient proof of ownership.

Yujah Nov 1, 2023 @ 7:54am

No, but AFAIA and as mentioned, said address together with details of a purchase (the initial one for the account or otherwise) may be.

lycor Jan 16 @ 8:42am

Originally posted by Mums:
I downloaded a virus a few weeks ago and various accounts of been hacked, including my steam. They somehow got around steam guard (linked to my email) and maybe got around my emails 2 step verification that sends a text to my phone, although if they did they have left no evidence and even managed to block Google notifications to my phone about another device logging in. I've done this steps for my steam account:

1. Scan for malware. Use your own antivirus program or use https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage
4. Change passwords from a clean computer.
5. Generate new backup codes for your Mobile App. https://store.steampowered.com/twofactor/manage
6. Revoke the API key (there should be no key). https://steamcommunity.com/dev/apikey

I've scanned for malware multiple times with 3 programs and found nothing since initially removing the virus. I changed passwords, including my steam one several times, etc. All the hackers did was buy an overpriced dota 2 item with my steam wallet funds on the 30th of October. They didn't change the details on my account. I watched a video about someone else who was hacked and had things bought with their wallet funds and went through the above steps. In the comments, they are replying to people months later and they still have their account; they just don't use Steam Wallet anymore. However, my friend is saying that my account details have probably been stolen and it will be a matter of time before it's sold and someone takes control of it from me.

As stated above, I've changed the password multiple times, so they would need to have a very hard-to-detect antivirus (I've read that up-to-date anti-virus catch about 99.something% of viruses) to be keylogging or something so that they can save my new password and sell the account later on. That doesn't seem likely to me. The original virus was from another computer and was removed from there. Nothing's on this computer. On one hand, they seem skilled. By the time my steam account was hacked I was on this computer, the one that never had the virus. Yet they got past steam guard, sending an email to my gmail. So they must have gotten into my Gmail, getting past its authentication of sending a message to my phone and requiring a code for a new device to log in. To then get the code and log into my steam account to then buy the dota 2 item. But then suddenly they get stupid and forget that if something is bought on my steam account I get an email about it, an email they didn't notice despite seemingly have access to my gmail at the time and an email they never delete. Maybe a hacker got into the accounts and sold the details, then left it at that. But what's taking them so long to sell my steam account and the accounts of others on that video who seem to have gone through similar?

Do you think my steam account is compromised and will be taken from me at some unknown time in the future even though I can still log into it and have went through steps 1 to 6 above? Or did something very rare and weird happen?

Hey!! so the same things happened to me a few days ago and i saw that the hacker had sent a scam link to all my friends,, i did the same things that you did - changed the pass, deauthorized the devices but I also dunno if i should continue buying games on this acc - or if I should make a new acc ; and if i do, if the keylogging will occur on that acc too. Did you get back full control of your acc ? Are you still buying games from the compromised acc?

Mums Jan 16 @ 8:50am

Originally posted by lycor:
Originally posted by Mums:
I downloaded a virus a few weeks ago and various accounts of been hacked, including my steam. They somehow got around steam guard (linked to my email) and maybe got around my emails 2 step verification that sends a text to my phone, although if they did they have left no evidence and even managed to block Google notifications to my phone about another device logging in. I've done this steps for my steam account:

1. Scan for malware. Use your own antivirus program or use https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage
4. Change passwords from a clean computer.
5. Generate new backup codes for your Mobile App. https://store.steampowered.com/twofactor/manage
6. Revoke the API key (there should be no key). https://steamcommunity.com/dev/apikey

I've scanned for malware multiple times with 3 programs and found nothing since initially removing the virus. I changed passwords, including my steam one several times, etc. All the hackers did was buy an overpriced dota 2 item with my steam wallet funds on the 30th of October. They didn't change the details on my account. I watched a video about someone else who was hacked and had things bought with their wallet funds and went through the above steps. In the comments, they are replying to people months later and they still have their account; they just don't use Steam Wallet anymore. However, my friend is saying that my account details have probably been stolen and it will be a matter of time before it's sold and someone takes control of it from me.

As stated above, I've changed the password multiple times, so they would need to have a very hard-to-detect antivirus (I've read that up-to-date anti-virus catch about 99.something% of viruses) to be keylogging or something so that they can save my new password and sell the account later on. That doesn't seem likely to me. The original virus was from another computer and was removed from there. Nothing's on this computer. On one hand, they seem skilled. By the time my steam account was hacked I was on this computer, the one that never had the virus. Yet they got past steam guard, sending an email to my gmail. So they must have gotten into my Gmail, getting past its authentication of sending a message to my phone and requiring a code for a new device to log in. To then get the code and log into my steam account to then buy the dota 2 item. But then suddenly they get stupid and forget that if something is bought on my steam account I get an email about it, an email they didn't notice despite seemingly have access to my gmail at the time and an email they never delete. Maybe a hacker got into the accounts and sold the details, then left it at that. But what's taking them so long to sell my steam account and the accounts of others on that video who seem to have gone through similar?

Do you think my steam account is compromised and will be taken from me at some unknown time in the future even though I can still log into it and have went through steps 1 to 6 above? Or did something very rare and weird happen?

Hey!! so the same things happened to me a few days ago and i saw that the hacker had sent a scam link to all my friends,, i did the same things that you did - changed the pass, deauthorized the devices but I also dunno if i should continue buying games on this acc - or if I should make a new acc ; and if i do, if the keylogging will occur on that acc too. Did you get back full control of your acc ? Are you still buying games from the compromised acc?

I buy stuff, but I don't save any details. It wasn't keylogging in my case, but a hash thing that got passwords. So once I changed them the access was gone and the virus was already gone. At least I think so, not had issues since at least. Do a scan, reinstall windows or whatever, change passwords into far stronger ones, do 2fa and yeah, hopefully you will be good.

< >

Showing 1-9 of 9 comments

Per page: 1530 50

All Discussions > Steam Forums > Help and Tips > Topic Details

Date Posted: Nov 1, 2023 @ 6:49am

Posts: 9

Start a New Discussion

Discussions Rules and Guidelines

Report this post