Account hijack while actievly using an account

所有討論 > Steam 討論區 > Help and Tips > 主題細節

Dax 2024 年 1 月 10 日下午 3:07

I had a nasty hijack some time ago where someone somehow bypassed steam guard completely and was able to access my account to steal my wallet money and sell my in-game items without my consent. Since then I've made sure my API key is reset and I won't bother with any trading websites, no matter how popular, just to be safe.

Right now I noticed my wallet money going up while I was still logged in and playing a game. I checked market history and I saw bunch of my Rust skins sold for low in bulk. I immediately knew that it's happening again and de-authorized all devices and changed my password.

Is anyone else experiencing this kind of thing? I reached out to steam support the first time, pleading that they should at least fix this backdoor - or whatever it is. One thing for sure is that the hijacker is bypassing 2-factor authentications so I don't know what else can I do to ensure this stops.

最後修改者：Dax; 2024 年 1 月 10 日下午 3:08

< >

目前顯示第 16-26 則留言，共 26 則

JPMcMillen 2024 年 1 月 11 日上午 1:10

引用自 Dax：
引用自 Unn4m3d (♥AUT♥)：

Aaaand there you have it. Third Party Site. Of course, as usual, OP goes in denial before admitting it.

"So far not caused trouble" is meaningless, they can sit on your account for years before striking.

I kinda didn't want to say it so smartasses like you won't reply with "hurr durr there you go".

I don't know if backpack.tf had security issue or something recently, but it is a VERY well-known and reputable website in trading scene. Same with scrap.tf for example. I HIGHLY doubt it was the culprit, considering how many ppl used it and for how long.

It may not have been recent. Sometimes when you use your Steam credentials on a site like that, they log a bot into your account that could sit there for years until whoever controls the bot gets around to checking on your account. This is especially true for popular trading websites or very convincing phishing scams as they may net thousands of accounts they can now access.

Also, waiting is one of the tactics used to help obfuscate when the account was compromised. They know the vast majority of Steam users aren't going to be checking for API keys or regularly deauthorizing all devices from their account, so they have time to wait. And by waiting to strike, their victims aren't as likely to know where their account information got leaked, or will deny a site they used long ago was the culprit.

#16

Lord-Ducki 2024 年 1 月 11 日上午 1:28

hello guys i an old gamer.i joined steam for dota 2 back in 2012, and recently last night my account got hacked then suddenly all my items on sale after that i receive money then all the money was just vanished in thin air. :(....it was really old item although i just play dota 2 . can someone please help me where can i get my items back ?
There is one more thing i want to ask, steam hold some payment for my items and its says it is because of in legal activity on account and it will release after 1 day. will i able to get it or it will also gone ?
please someone help :( where can i report all this ?

#17

Maria 2024 年 1 月 11 日上午 1:33

引用自 Lord-Ducki：
hello guys i an old gamer.i joined steam for dota 2 back in 2012, and recently last night my account got hacked then suddenly all my items on sale after that i receive money then all the money was just vanished in thin air. :(....it was really old item although i just play dota 2 . can someone please help me where can i get my items back ?
There is one more thing i want to ask, steam hold some payment for my items and its says it is because of in legal activity on account and it will release after 1 day. will i able to get it or it will also gone ?
please someone help :( where can i report all this ?

Take the following steps to secure your account:

1. Scan for malware. https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage
4. Change passwords from a clean computer.
5. Generate new backup codes for your Mobile App. https://store.steampowered.com/twofactor/manage
6. Revoke the API key (there should be no key). https://steamcommunity.com/dev/apikey

Steam does not return inventory items or wallet funds: https://help.steampowered.com/en/faqs/view/3B6E-B322-2400-8D24

If you want more details about what happened to you, check out the second post of this thread.
https://steamcommunity.com/sharedfiles/filedetails/?id=784477482

最後修改者：Maria; 2024 年 1 月 11 日上午 1:35

#18

Nx Machina 2024 年 1 月 11 日上午 1:57

引用自 Dax：
What is so special about it that that Windows Defender cannot do? Antivirus is an antivirus, no matter which one you use, from what I know. And I've read positive things about Windows Defender's efficiency.

Having used Malwarebytes for years, i have never had malware on my PC.

#19

Maria 2024 年 1 月 11 日上午 2:03

引用自 Nx Machina：
Having used Malwarebytes for years, i have never had malware on my PC.

Maybe I should've asked you first before quoting your post.

#20

Nx Machina 2024 年 1 月 11 日上午 2:04

引用自 Maria：
Maybe I should've asked you first before quoting your post. :tobdog:

I have zero problem with anyone quoting a post as a reference.

#21

Maria 2024 年 1 月 11 日上午 2:05

引用自 Nx Machina：
I have zero problem with anyone quoting a post as a reference.

roger that,

i like how you explain it. it is easy to understand.

最後修改者：Maria; 2024 年 1 月 11 日上午 2:06

#22

Crazy Tiger 2024 年 1 月 11 日上午 2:13

引用自 Dax：
引用自 Pscht：
They told you to use Malwarebytes. Reason is in the name.

What is so special about it that that Windows Defender cannot do? Antivirus is an antivirus, no matter which one you use, from what I know. And I've read positive things about Windows Defender's efficiency.

It's better against malware than Defender is.

And there is actually still a difference between anti virus and anti malware.

引用自 Dax：
引用自 Unn4m3d (♥AUT♥)：

Aaaand there you have it. Third Party Site. Of course, as usual, OP goes in denial before admitting it.

"So far not caused trouble" is meaningless, they can sit on your account for years before striking.

I kinda didn't want to say it so smartasses like you won't reply with "hurr durr there you go".

I don't know if backpack.tf had security issue or something recently, but it is a VERY well-known and reputable website in trading scene. Same with scrap.tf for example. I HIGHLY doubt it was the culprit, considering how many ppl used it and for how long.

Such sites are magnets for phishing redirects. Not all such sites are ran by scammers, but they're targets. Same with esports sites like FaceIT, they too have had phishing issues.
These phishers are smart enough to not hijack everybody, but in batches.

All 3rd party sites are suspect because of that.

Being a known and popular site is actually a bad thing. It means people are less likely to understand how things can go and defend their usage of such sites even though they caused the credentials leak themselves.

#23

Lithurge 2024 年 1 月 11 日上午 3:29

引用自 Dax：
引用自 Pscht：
They told you to use Malwarebytes. Reason is in the name.

What is so special about it that that Windows Defender cannot do? Antivirus is an antivirus, no matter which one you use, from what I know. And I've read positive things about Windows Defender's efficiency.

Because they don't always pick up new virus variants at the same time. While they rely more on heuristic scanning these days it's far from perfect and they still need the basic training of known virus behaviour to spot actual and potential issues.

In this case it's a belt and braces, if you did have a virus, then it would be a case of Defender failing to spot and stop it, so scanning with a second one gives a better chance of confirming or otherwise this was the cause of the problem.

Although in your case you've now admitted to using a 3rd party site so the point is somewhat moot.

#24