Tickets getting closed automatically are usually a sign of an account hijack -- the hijacker wants to prevent you from contacting support. Refunds are just collateral.

1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
6. Change your trade link: Profile > your inventory > trade offer > Who can send me trade offer > scroll down and make a new trade link.

I did have an API key to my account. Thats weird.

I have removed it, changed my password and revoked all devices.

Originally posted by Kargor:

Tickets getting closed automatically are usually a sign of an account hijack -- the hijacker wants to prevent you from contacting support. Refunds are just collateral.

I have had this account for years and I didnt see any suspicious stuff happening. This is weird and makes me paranoid . Currently doing a computer scan

Originally posted by Ettanin:

1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
6. Change your trade link: Profile > your inventory > trade offer > Who can send me trade offer > scroll down and make a new trade link.

I was able to get a refund after following all the steps you listed ! wow so my account was compromised ?

Thank you so much !

Originally posted by TheEntireNationOfKenya:

I was able to get a refund after following all the steps you listed ! wow so my account was compromised ?

Thank you so much !

Don't click links from 'friends' asking you to vote for them or their team. Don't login to 3rd party skin sites to sell skins. Report and block anyone who contacts you saying you've been accidentally reported and need to do stuff to stop your account from being locked.

That's three ways accounts get compromised.

Op Steam has a one click login method to help know if it a scam site all you do is this.

Visit Steam itself bookmark Steam store, and Steam community. Now only login to Steam from your bookmarks, no where else.

To see example, visit Steam then login, now visit steamdb.info click login Steam, you should only, I repeat only login green button, shouldn't be seeing any text field of any kind, the reason why see no login text field because it shows, and asking if your logging in as said account it already have you logged in. Scammers can't spoof this because they want your login information, just so they can get in, and since there no login information to enter at all they can't enter your account.

Please note QR login is also passwordless method, but you need pay attention when using QR scan, it will show you map, with IP address, and if it doesn't match what your is, then you know it's not your device you're logging into. It's not hard to open eyes, and look at the map, and IP address. If you don't have a static IP address for some reason, you have to google it each time from the device your logging into to ensure it matches.

And as others said above, don't randomly login via links people give you, as scammers will use lines like you have pending ban, or I reported you, or vote for my team, or you won a prize, anything to trick you into putting login information on their server so they use against you, and then sell said information to to other scammers, that why be aware what you do online. Also don't download random crap from random people on discord scammers been sending viruses like they say try my demo, free game, or whatever. So be aware what you do online.

Originally posted by Dr.Shadowds 🐉:

To see example, visit Steam then login, now visit steamdb.info click login Steam, you should only, I repeat only login green button, shouldn't be seeing any text field of any kind, the reason why see no login text field because it shows, and asking if your logging in as said account it already have you logged in. Scammers can't spoof this because they want your login information, just so they can get in, and since there no login information to enter at all they can't enter your account.

Actually, the reason is entirely technical: the browser only sends cookies to the site that has set them -- and it's not getting fooled by similar-looking domain names. If "steamcommunity dot com" has set a cookie, the browser won't send it to "steamcomnunity dot com", simply because it's a different site.

Thus, non-steam sites cannot get the session information from the steam website.

So, it has nothing to do with what the scammers want. If they could get that information, they would probably display it just like Steam does, before giving you something like "login expired, please login again". Or they would frame it as a security measure, similar to how Steam does it when you have to enter your password again to make a purchase.

While I recommend the same procedure -- always log into Steam and just confirm on the "login through Steam" page -- the above even applies to stored passwords: if you've stored your credentials for "steamcommunity dot com" in the browser, the browser should not use that data to pre-fill the entry fields from "steamcomnunity dot com". So, that would be another indication that you're looking at a scam site.

Originally posted by TheEntireNationOfKenya:

Originally posted by Ettanin:

1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
6. Change your trade link: Profile > your inventory > trade offer > Who can send me trade offer > scroll down and make a new trade link.

I was able to get a refund after following all the steps you listed ! wow so my account was compromised ?

Thank you so much !

Yep and it may have been for years. Scammers use API keys to monitor account activity and if there was a chance to scam you, they can use the information garnered from the key to facilitate a variety of confidence-type scams. This also means that somewhere along the lines you leaked your credentials to either a phishing site or they were swiped by capture-based malware. Either way, it's lucky you found out this way you were hijacked and not after being scammed.

Originally posted by TheEntireNationOfKenya:

wow so my account was compromised ?

You are in a group that wants you to sign up into a website to earn points.

Never enter your Steam login credentials into a third-party site!

All third-party sites are use at own risk. If you really have to use them, then at least use the method described by Dr.Shadowds.

I also found out he tried to get a new API key when I removed the first one and didnt change my password yet.

This could also explain the random friend invites I kept getting with no mutual friends and not using steam for a while .

Thank you all for your help and advices !

Originally posted by TheEntireNationOfKenya:

I also found out he tried to get a new API key when I removed the first one and didnt change my password yet.

This could also explain the random friend invites I kept getting with no mutual friends and not using steam for a while .

Thank you all for your help and advices !

This is why you should do the steps in order. If you revoke the key before kicking the hijacker out then they will just bot a replacement key. The process is designed to clear any malware, remove the hijackers, change your password and then generate new codes. You can then revoke the now-useless key at the very end because the scammer's access has already been cut and it is assumed the device is clean after the initial malware scan.

Originally posted by TheEntireNationOfKenya:

This could also explain the random friend invites I kept getting with no mutual friends and not using steam for a while .

Set your inventory to private and avoid large groups in general if you don't want to get that many random friend invites.