ni hao 20 DIC 2023 a las 11:07 p. m.
My steam account was hacked
I recently got my account hacked. My profile name was changed, my friend list went empty except for the account the hacker is messaging me on, and my email and password were changed as well. They also threatened me by selling some of my inventory items which they did and they removed my prime status on CS2 which I didn't even know you could do

I have two factor authentication so I had no idea how they got through and I never receive a notification like I would normally would when someone tries to login to my steam. What's crazy is that I looked through my login history and the hacker who is from Russia had my account info for a week and login to it multiple times and again, I never got a notification on steam mobile about it.

I was able to get my account back through my phone number and so far I changed my password, email, remove the mobile authentication and re-added it.

I also contacted steam support about it. Is there anything else I need to do? I am mainly concerned about my steam authentication not working since it never gave me any notifications

Edit: The person who hijacked was able to disable and enable my friends list which brought all my friends back. They then demanded that I send all my inventory items to a smurf account or to a friends account before they reboot my account but now that I think about it, how does that benefit them? And what do they mean by rebooting my account because I don't think that's even a thing
Última edición por ni hao; 21 DIC 2023 a las 10:32 a. m.
< >
Mostrando 1-12 de 12 comentarios
Do all the steps, in order...

Scan for malware. https://www.malwarebytes.com/ or with whatever

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key (this should be empty) https://steamcommunity.com/dev/apikey

Your items are gone for good.

Read the Steam Item Restoration Policy.
Última edición por ↑↑↓↓←→←→BASelect; 20 DIC 2023 a las 11:14 p. m.
ni hao 20 DIC 2023 a las 11:25 p. m. 
Publicado originalmente por Dr. Johnny Fever:
Do all the steps, in order...

Scan for malware. https://www.malwarebytes.com/ or with whatever

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key (this should be empty) https://steamcommunity.com/dev/apikey

Your items are gone for good.

Read the Steam Item Restoration Policy.

I already did all of that and my account is recovered. My current problem is my steam authentication not notifying me about someone trying to login to my account and I don't know if the hacker would still have access to my account information.
Unn4m3d (♥AUT♥) 20 DIC 2023 a las 11:59 p. m. 
Publicado originalmente por _Soriim:
Publicado originalmente por Dr. Johnny Fever:
Do all the steps, in order...

Scan for malware. https://www.malwarebytes.com/ or with whatever

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key (this should be empty) https://steamcommunity.com/dev/apikey

Your items are gone for good.

Read the Steam Item Restoration Policy.

I already did all of that and my account is recovered. My current problem is my steam authentication not notifying me about someone trying to login to my account and I don't know if the hacker would still have access to my account information.

There was no "hacker". You gave out your account information somewhere.
Supafly 21 DIC 2023 a las 12:49 a. m. 
Publicado originalmente por _Soriim:
Publicado originalmente por Dr. Johnny Fever:
Do all the steps, in order...

Scan for malware. https://www.malwarebytes.com/ or with whatever

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key (this should be empty) https://steamcommunity.com/dev/apikey

Your items are gone for good.

Read the Steam Item Restoration Policy.

I already did all of that and my account is recovered. My current problem is my steam authentication not notifying me about someone trying to login to my account and I don't know if the hacker would still have access to my account information.

You don't get notification when you login. The hacker hijacker had your correct username, password and LIVE steam guard code. The fact you've done all the steps in post #1 means you've secured the account. Now provided you do NOT share your login credentials, username, password and a LIVE steam guard code, your account will remain secure
Muppet among Puppets 21 DIC 2023 a las 1:44 a. m. 
Publicado originalmente por _Soriim:
My current problem is my steam authentication not notifying me about someone trying to login to my account and I don't know if the hacker would still have access to my account information.
They logged in when you thought you logged in on a fake steam page.
Never logged out, just restarted the computer, that were the other "logins" you saw.
Aleddra 21 DIC 2023 a las 9:57 a. m. 
Publicado originalmente por Unn4m3d (♥AUT♥):
There was no "hacker". You gave out your account information somewhere.
You would know that....
Right?
Unn4m3d (♥AUT♥) 21 DIC 2023 a las 10:05 a. m. 
Publicado originalmente por Aleddra:
Publicado originalmente por Unn4m3d (♥AUT♥):
There was no "hacker". You gave out your account information somewhere.
You would know that....
Right?

Yes, I would know that Steam Accounts are not hacked.

And that cases like this one happen on a daily basis in these forums.

And that it's ALWAYS the user giving out account informations, since again, Steam Accounts do not get hacked.

If they did, every account on Steam would be compromised.
DjibouTeaM 21 DIC 2023 a las 11:03 a. m. 
Hello @all

Here is the story of "how I met .... a nightmare"

I've just recovered my account (1 hour ago) because I had the same misadventure in the last 48h.

What happened exactly ?

I received a private message from a good friend via steam app . In the message, there was a link to redeem a gift activation code .

As we are in "christmas time", I didn't realized that the URL my friend sent me was in fact a phishing URL (very close to an original gift activation URL from steam).
Also, as we do time to time, it's not unusual that we offer each others gifts codes
=> so I clicked on the link : Spoiler alert : it was a f**king good fishing URL who invite me, via chrome navigator to log me in to my steam account (fake login page)

Ex of the phishing URL :
https:// steamcommunmuttliy . com / gift / activation / xxxxxxxxxxxxxxxxxxxxxxxxxxx

(I added some spaces in the URL to prevent anybody to click on it and be part of this sh*t

I receive a mail + SMS from Steam for the dual authentification

at the exact moment I clicked on "LOG IN" all my devices (phone + steam App) began to blink : I had been logged out and I received a mail from Steam :
Recent Changes to your Steam Acount
Dear djibouteam,
The email address associated with your Steam account has been successfully changed.

I was hijacked and it was too late...

If you receive the same kind of links, be aware

Best regards to you all ;)
DjibouTeaM 21 DIC 2023 a las 11:05 a. m. 
INFO : my friend had been hacked/hijacked the same way few days before.

Apprently, some of my other friend I share my adventure said me via discord, few hours after my "hijack", the hijacker sent them the same kind of fishing URL but they already been aware of so, no one clicked
Supafly 22 DIC 2023 a las 3:22 a. m. 
Publicado originalmente por DjibouTeaM:
INFO : my friend had been hacked/hijacked the same way few days before.

Apprently, some of my other friend I share my adventure said me via discord, few hours after my "hijack", the hijacker sent them the same kind of fishing URL but they already been aware of so, no one clicked

Thats a common practice. Any account that has contact often results in the hijacker spamming their contacts hoping 1 or more will take the bait and follow a link. Hopefully this will teach you and others to not blindly trust a message from a contact.
ppom 6 ENE 2024 a las 9:04 p. m. 
Publicado originalmente por DjibouTeaM:
Hello @all

Here is the story of "how I met .... a nightmare"

I've just recovered my account (1 hour ago) because I had the same misadventure in the last 48h.

What happened exactly ?

I received a private message from a good friend via steam app . In the message, there was a link to redeem a gift activation code .

As we are in "christmas time", I didn't realized that the URL my friend sent me was in fact a phishing URL (very close to an original gift activation URL from steam).
Also, as we do time to time, it's not unusual that we offer each others gifts codes
=> so I clicked on the link : Spoiler alert : it was a f**king good fishing URL who invite me, via chrome navigator to log me in to my steam account (fake login page)

Ex of the phishing URL :
https:// steamcommunmuttliy . com / gift / activation / xxxxxxxxxxxxxxxxxxxxxxxxxxx

(I added some spaces in the URL to prevent anybody to click on it and be part of this sh*t

I receive a mail + SMS from Steam for the dual authentification

at the exact moment I clicked on "LOG IN" all my devices (phone + steam App) began to blink : I had been logged out and I received a mail from Steam :
Recent Changes to your Steam Acount
Dear djibouteam,
The email address associated with your Steam account has been successfully changed.

I was hijacked and it was too late...

If you receive the same kind of links, be aware

Best regards to you all ;)

Hi! This exact thing is happening to someone I know right now. They can't respond to this, seeing as they've been hacked, so I'm doing it for them. I actually have a few questions for you.
1. Did anything else happen to you? Like did your account lock itself? Was any of the stuff changed, like your name?
2. Did it affect anything else, like your credit cards or email?
3. What steps did you take to recover the account?
Thank you!!
Bloody Moon 6 ENE 2024 a las 9:20 p. m. 
Publicado originalmente por DjibouTeaM:
Hello @all

Here is the story of "how I met .... a nightmare"

I've just recovered my account (1 hour ago) because I had the same misadventure in the last 48h.

What happened exactly ?

I received a private message from a good friend via steam app . In the message, there was a link to redeem a gift activation code .

As we are in "christmas time", I didn't realized that the URL my friend sent me was in fact a phishing URL (very close to an original gift activation URL from steam).
Also, as we do time to time, it's not unusual that we offer each others gifts codes
=> so I clicked on the link : Spoiler alert : it was a f**king good fishing URL who invite me, via chrome navigator to log me in to my steam account (fake login page)

Ex of the phishing URL :
https:// steamcommunmuttliy . com / gift / activation / xxxxxxxxxxxxxxxxxxxxxxxxxxx

(I added some spaces in the URL to prevent anybody to click on it and be part of this sh*t

I receive a mail + SMS from Steam for the dual authentification

at the exact moment I clicked on "LOG IN" all my devices (phone + steam App) began to blink : I had been logged out and I received a mail from Steam :
Recent Changes to your Steam Acount
Dear djibouteam,
The email address associated with your Steam account has been successfully changed.

I was hijacked and it was too late...

If you receive the same kind of links, be aware

Best regards to you all ;)
The link you mentioned (steamcommunmuttliy) is the same one published a few days ago in the Girls Gamers group chat, I noticed it while reading and reported it.
< >
Mostrando 1-12 de 12 comentarios
Por página: 1530 50

Publicado el: 20 DIC 2023 a las 11:07 p. m.
Mensajes: 12