Hijacked, not hacked. You leaked your account credentials somehow.

Do not trade until your account is secured.

Take the following steps to secure your account:

1. Scan for malware. https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage
4. Change passwords from a clean computer.
5. Generate new backup codes for your Mobile App. https://store.steampowered.com/twofactor/manage
6. Revoke the API key (there should be no key). https://steamcommunity.com/dev/apikey

Steam does not return inventory items or wallet funds: https://help.steampowered.com/faqs/view/3B6E-B322-2400-8D24

If you no longer have access to your account, read this:
https://steamcommunity.com/sharedfiles/filedetails/?id=1126288560

Yeah, this is similar to Steams drone-like response. I didn't even mention the word 'hack'. All of these steps are regularly taken because I've had my account for almost 20 years.

This is clearly a leak on your end and there is no credential dumps as the current security architecture relies on instant logins by session. Also you wont get any 2FA notifications on your end if you account is used to make purchases. Only sale confirmations provide such notifications.

Originally posted by Ryan:

Yeah, this is similar to Steams drone-like response. I didn't even mention the word 'hack'. All of these steps are regularly taken because I've had my account for almost 20 years.

And yet someone was able to enter your account? Despite 2FA? Looks like you're not doing enough, or not doing it properly.

It's a public user forum. And your PSA is about as useful as the thousands of other such threads that went into forum oblivion aka page 2 within a matter of hours, without being read by those who actually need to read it.

As they tend to visit discussions after something happened, just like you did.

Super glad for you. Now move along.

Originally posted by Ryan:

Yeah, this is similar to Steams drone-like response. I didn't even mention the word 'hack'. All of these steps are regularly taken because I've had my account for almost 20 years.

Even if that dump really happened (I'm not denying it since leaks like this happened everywhere), you can't bypass Steam Guard 2FA by email/username and password alone.

Also, there is no need for negativity.

Gabe Newell's account name and password were made public... By him... During a press conference.

So when someone actually manages to get in any account without a liveauth code, let us know. Otherwise, stop giving all 3 away to phishers.

Considering your behavior right now, maybe you should follow your own advice. All that misplaced anger, take a walk, a deep breath, calm down.

Originally posted by Ryan:

Meh, 80k points to waste so why not? But dude... looking at your account, you need a life. Seriously. The list of rules you've made for all those thousands of people who obviously send you constant friend requests is a clear sign of mental illness. Go outside. Take in some air and hopefully you'll find life outside of throwing your condescension over other people's posts. 5,000 pages of comments... I can't even imagine the smell.

I am sure there are many many more posts, reviews, and guides that I think deserve more of your points.

And let's not go over that. What other people do on their own profile page is none of anyone's business besides themselves. Let's respect each other's rights.

Socially inept tryhards who would pay to be a mod if they could, fascinate me. Luckily they're a dime a dozen.

Originally posted by Ryan:

Socially inept tryhards who would pay to be a mod if they could, fascinate me. Luckily they're a dime a dozen.

Heh. You can't be so sure about that. Who knows that we are ackchktually steam employees in disguise? We can even throw a VAC ban on your account right now!!

OP needs to grow up.

Accounts are PHISHED because the end user gave away all their account details. The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to your account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.


And finally:

1) Only you and Steam Support know your account name until you give it away.

2) Steam passwords are hashed, not stored therefore only you can give it away.

3) They physically need to have your mobile for the code, or you need to enter the code.

Originally posted by Ryan:

Several MASSIVE credential dumps have been circulated in the past few days causing the usual stream of 2FA notifications and password reset attempts for various different platforms.

So you are affected in several ways?