I got hacked with 2fa?
I was recently hacked, but for some reason 2fa didn't work? I installed a malware which somehow let someone in Russia access my account even though I had 2fa on. When I checked my Gmail after securing my account, there was no 2fa email at the time my account was logged into. How did they get access to my acc?
Showing 1-15 of 18 comments
Ettanin Dec 17, 2023 @ 6:41pm 
You exposed your login credentials to a site that faked a Steam login and made a bot log into your account using the save password feature while injecting a Steam API access into it.

1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
6. Change your trade link: Profile > your inventory > trade offer > Who can send me trade offer > scroll down and make a new trade link.

Be aware that Steam Support will not restore stolen items nor stolen wallet funds.
In accordance with Section 1 C of the Steam Subscriber Agreement, you are responsible for all actions on your account, no matter who used the account.
Kurono13 Dec 18, 2023 @ 12:24am 
Originally posted by Ettanin:
You exposed your login credentials to a site that faked a Steam login and made a bot log into your account using the save password feature while injecting a Steam API access into it.

1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
6. Change your trade link: Profile > your inventory > trade offer > Who can send me trade offer > scroll down and make a new trade link.

Be aware that Steam Support will not restore stolen items nor stolen wallet funds.
In accordance with Section 1 C of the Steam Subscriber Agreement, you are responsible for all actions on your account, no matter who used the account.


I suppose all the things that happen are just because it's our fault, and there won't be any fixing or helping because, too bad, the hacker is free to steal people's wallet funds and stream in-game items. Too bad, let the hacker get the freedom to do whatever they like.

I just got my in-game items stolen as well. I did not go on any site that has anything to do with betting or selling items off to out source website, unless Twitch is compromised with their in-game items drop event. I guess this is to learn that your account is never safe, so might as well sell all the in-game items and stop supporting the dev by purchasing the cosmetics or joining them in any event to raise money.
ReBoot Dec 18, 2023 @ 12:28am 
Wait, so you're using 2FA over email?
Nx Machina Dec 18, 2023 @ 12:29am 
Accounts are PHISHED not hacked because the end user gave away all their account details. The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to your account.

How? By either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, the you have a pending ban scam on Discord, free knife click the link, etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access to your account.
Supafly Dec 18, 2023 @ 12:53am 
Do everything in post #1 to secure your account

You installed malware = You were NOT hacked. Hackers didn't exploit any weakness in code. They exploited YOU.

2FA is just another key; it is NOT a magical thing that makes an account immune to compromise. If your username, password and LIVE Guard code become known to someone other than you, then that someone has access. At which point an account's 2FA is useless. Just like how the locks on your doors become useless if you gave your house keys to a stranger.
Last edited by Supafly; Dec 18, 2023 @ 12:53am
J4MESOX4D Dec 18, 2023 @ 1:41am 
Originally posted by nubulii:
I was recently hacked, but for some reason 2fa didn't work? I installed a malware which somehow let someone in Russia access my account even though I had 2fa on
The whole point of tailored malware is to exploit the 2FA mechanisms else there would be no point in existing. Steam Guard 2FA is just an extra security layer - it DOES NOT prevent an account from becoming compromised and this goes not just for Steam but every single site that uses two factor. If your account becomes compromised then it's safe to assume that the scammers have material or concepts in place to obtain the additional authentication.
Bibo1 Dec 18, 2023 @ 2:17am 
Originally posted by Kurono13:


I just got my in-game items stolen as well. I did not go on any site that has anything to do with betting or selling items off to out source website, unless Twitch is compromised with their in-game items drop event. I guess this is to learn that your account is never safe, so might as well sell all the in-game items and stop supporting the dev by purchasing the cosmetics or joining them in any event to raise money.

You're in a group that promotes "♥♥♥♥♥♥♥♥♥♥ sites etc
Dr.Shadowds 🐉 Dec 18, 2023 @ 2:29am 
Just to clear up any misunderstanding, in case (and I do mean in case) OP or someone else somehow assumes something without actually understanding the problem: I REALLY SUGGEST READING THE WHOLE POST, or else you'll just kick yourself when it gets pointed out later.

2FA is two-factor authentication. This is not an AI, it's not a robot that thinks, and it's not an antivirus either; it's a system that requires two confirmations for authorization, that's all it is. Was anything unclear? I know it's hard to believe, or you wonder what the point of 2FA is, where the goal was to not mindlessly give out your login, yet victims do it a lot...



These are what scammers do.
- They contact you in some way, like Steam chat, Discord, whatever, with a story like "vote for my team", "did you get it yet", "I reported you by mistake", "you have pending ban", and so on, with wording they change over time. They give you a link to a scam site to try to trick you into logging in, and you wouldn't realize it was a fake site because they actually go out of their way to trick you.

- They try to give you something like "try my demo" via Discord, email, or whatever. I shouldn't need to explain what a virus is, but the point is you shouldn't randomly install/run things from others who randomly contact you, and Discord is a huge target since it's easy for them to upload a virus there, or post links.




Now, how 2FA actually works: if you went to a site that wasn't Steam but looked like Steam, which is a scam site, and you entered your login info, it will prompt you for a 2FA code. If you're doing it via email, the code will be sent to your email, and you wouldn't think it odd because you're thinking about logging into Steam without realizing it's a scam site. That's how victims happen on the internet across EVERY single site in this world, because they don't pay any attention to what they're doing, and when something bad happens, they blame it on something other than themselves, because they were gullible enough to give the 2FA code to the scammers.


Now for viruses, this is all a user-end problem, and this can range from spyware and backdoors to ransomware. They can do things ONCE you gave them permission, aka you installing/running them, and will do things in the background if they already have full access, like making changes to Steam files, copying things, or even making changes to your account while you are still logged in, which doesn't need you to relog because you're already logged in, hence no additional login requests.

Another way a scammer can have access is by already knowing your login info and having access to your email, which means they can delete said email without you noticing. This is why you shouldn't use the same login info for everything, and shouldn't keep using the same login info if it has already been leaked; you have to change it on everything to avoid it becoming a mass problem on anything else using the same login info.

The last, worst case is if you gave scammers too much info: they can pretend to be you to recover accounts, because they know all the answers the real owner knows, which is why you don't share private details with randos.





So if you fell for a phishing site scam, at least it's not as bad; just take it as a lesson and don't repeat it, and change the login info on all accounts that use the same info. Now if you did install a virus on your system, that's a problem, and you're going to have to figure out how to fully remove it, and hope a good antivirus can detect and remove it, since it's installed because you ran it. Worst case, you need to wipe your system if you're unable to figure out how to remove the virus; that means you can't keep anything on storage, all of it has to be wiped and reinstalled fresh.


So do follow all the steps the 1st poster gave; it's going to kick the scammer off your account for sure. But you also want to make sure your system is safe. Again, if you WENT OUT OF YOUR way to run an app you knew was a bad idea, then yeah, maybe think before randomly downloading stuff off the web, or from people in random places like Discord, or emails offering "free" whatever. Don't randomly run/install apps you don't know about.
ygd15680 Dec 18, 2023 @ 3:45am 
Wait, so you're using 2FA over email?
vke26751 Dec 18, 2023 @ 4:27am 
In accordance with Section 1 C of the Steam Subscriber Agreement, you are responsible for all actions on your account, no matter who used the account.
Kargor Dec 18, 2023 @ 5:09am 
Originally posted by nubulii:
I was recently hacked, but for some reason 2fa didn't work? I installed a malware which somehow let someone in Russia access my account even though I had 2fa on.

That's a rather clear situation. Ever wondered why you can keep using the Steam website or the Steam client, without having to go through 2FA all the time? This is because, during login, Steam gives you a login key, which can be used to shortcut the login so you don't need the password and 2FA.

Of course, a malware can just read the key from wherever it's stored on your box.
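
An added illustration of the mechanism described in the post above (not part of the thread and not Steam's code): a toy Python service, with the hypothetical names `ToyAuthServer` and `demo`, that checks password and TOTP only at login and afterwards trusts a bearer token. That a password change leaves sessions alive is an assumption of this model; it shows why deauthorizing all devices is the step that invalidates a copied token.

```python
import hashlib, hmac, secrets, struct

def totp(secret, now, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): the 30-second code an authenticator shows."""
    mac = hmac.new(secret, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class ToyAuthServer:
    """Hypothetical service, not Steam's code: 2FA at login, bearer token after."""
    def __init__(self, user, password, totp_secret):
        self.user, self.totp_secret, self.sessions = user, totp_secret, {}
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, user, password, code, now):
        ok = (user == self.user
              and hmac.compare_digest(self._hash(password), self.pw_hash)
              and hmac.compare_digest(code, totp(self.totp_secret, now)))
        if not ok:
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def request(self, token):
        # No password and no 2FA code here: holding the token is the whole check.
        return self.sessions.get(token)
    def change_password(self, new_password):
        self.pw_hash = self._hash(new_password)  # assumption: sessions untouched
    def deauthorize_all(self):
        self.sessions.clear()  # every issued token stops working

def demo():
    now, secret = 1_700_000_000, b"constructed-secret"  # constructed sample values
    srv = ToyAuthServer("alice", "old-password", secret)
    good = totp(secret, now)
    bad = str((int(good) + 1) % 10**6).zfill(6)  # guaranteed-wrong code
    out = {"wrong_code": srv.login("alice", "old-password", bad, now)}
    copied = srv.login("alice", "old-password", good, now)  # token later read off disk
    out["replayed"] = srv.request(copied)
    srv.change_password("new-password")
    out["after_password_change"] = srv.request(copied)
    srv.deauthorize_all()
    out["after_deauthorize"] = srv.request(copied)
    return out
```
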
Kurono13 Dec 26, 2023 @ 3:50am 
Originally posted by Kargor:
Originally posted by nubulii:
I was recently hacked, but for some reason 2fa didn't work? I installed a malware which somehow let someone in Russia access my account even though I had 2fa on.

That's a rather clear situation. Ever wondered why you can keep using the Steam website or the Steam client, without having to go through 2FA all the time? This is because, during login, Steam gives you a login key, which can be used to shortcut the login so you don't need the password and 2FA.

Of course, a malware can just read the key from wherever it's stored on your box.


Then, with all these systems to ensure safety, it still only comes down to a matter of time before your system is compromised. Might as well sell all these items for money to purchase games and stop supporting the cosmetics entirely. The inventory items will be gone regardless anyway. Sunk cost. Done and done.
Bloody Moon Dec 26, 2023 @ 4:03am 
The account can be stolen even if you log in to Steam from the browser, because a token is generated that can be stolen via dangerous extensions without the scammer needing the Steam Guard code. 2FA can be bypassed if you are already logged in and is not a guarantee of security.
Last edited by Bloody Moon; Dec 26, 2023 @ 4:06am
metamec Dec 26, 2023 @ 4:17am 
Originally posted by nubulii:
I installed a malware
...
How did they get access to my acc?

Holding up a mirror provides the answer to this one:

Originally posted by nubulii:
How did they get access to my acc?
...
I installed a malware

Sorry this happened to you, but once malware is installed on your system, everything you type into your computer (usernames, passwords, 2FA codes, etc.) and interact with should be considered compromised.
Last edited by metamec; Dec 26, 2023 @ 4:18am
Kargor Dec 26, 2023 @ 7:59am 
Originally posted by Kurono13:
Originally posted by Kargor:

during login, Steam gives you a login key, which can be used to shortcut the login so you don't need the password and 2FA.

Of course, a malware can just read the key from wherever it's stored on your box.


Then, with all these systems to ensure safety, it still only comes down to a matter of time before your system is compromised. Might as well sell all these items for money to purchase games and stop supporting the cosmetics entirely. The inventory items will be gone regardless anyway. Sunk cost. Done and done.

I still don't know how "cleaning out the inventory" actually works. To my knowledge, the login key (or the access key) cannot be used to bypass trading confirmations; I'd love to know how that works since I always have to confirm the trades that my Steam software generates.

Date Posted: Dec 17, 2023 @ 6:35pm
Posts: 18