Tutte le discussioni > Discussioni di Steam > Help and Tips > Dettagli della discussione
Dax 10 gen 2024, ore 15:07
Account hijack while actievly using an account
I had a nasty hijack some time ago where someone somehow bypassed steam guard completely and was able to access my account to steal my wallet money and sell my in-game items without my consent. Since then I've made sure my API key is reset and I won't bother with any trading websites, no matter how popular, just to be safe.

Right now I noticed my wallet money going up while I was still logged in and playing a game. I checked market history and I saw bunch of my Rust skins sold for low in bulk. I immediately knew that it's happening again and de-authorized all devices and changed my password.

Is anyone else experiencing this kind of thing? I reached out to steam support the first time, pleading that they should at least fix this backdoor - or whatever it is. One thing for sure is that the hijacker is bypassing 2-factor authentications so I don't know what else can I do to ensure this stops.
Ultima modifica da Dax; 10 gen 2024, ore 15:08
< >
Visualizzazione di 1-15 commenti su 26
Wolf Knight 10 gen 2024, ore 15:08 
your account is compromised
DO NOT TRADE
If you have access to the account

Steps to take NOW to secure the account:
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)


Please review how you are logging into Steam, you somehow gave them your log in information. This could of been due to the computer being compromised and redirecting to a fake login, or you using a 3rd party site to login to steam.

if you do a seach using the list I posted, you would cry at how many times you find it including those lists posted by others.
#1
Maria 10 gen 2024, ore 15:21 
There is no such 'back door'

Have a read: :YuukaStare:
Messaggio originale di Nx Machina:
Accounts are PHISHED not hacked because the end user gave away all their account details. The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to your account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, a pending ban scam on discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.


And finally:

1) Only you and Steam Support know your account name until you give it away.

2) Steam passwords are hashed, not stored therefore only you can give it away.

3) They physically need to have your mobile for the code, or you need to enter the code.


Having being with Steam 19+ years and not losing access to my account, i can state there is zero issue with the security until you and only you give away all your account details.
Ultima modifica da Maria; 11 gen 2024, ore 1:34
#2
Dax 10 gen 2024, ore 15:34 
Messaggio originale di Maria:
There is no such 'back door'

Have a read: :YuukaStare:
Messaggio originale di Nx Machina:
Accounts are PHISHED not hacked because the end user gave away all their account details. The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to your account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.


And finally:

1) Only you and Steam Support know your account name until you give it away.

2) Steam passwords are hashed, not stored therefore only you can give it away.

3) They physically need to have your mobile for the code, or you need to enter the code.


Having being with Steam 19+ years and not losing access to my account, i can state there is zero issue with the security until you and only you give away all your account details.

That's what I don't get. I literally didn't give my credentials anywhere or bother with any links or trading websites. Especially since first time it happened, its been an extra layer of paranoia so I've been even more careful than ever, believing I might have accidentally used an unsecured trading website. I already revoked my APIs, I've changed my password multiple times, including my email one now. So its why I said backdoor, I know I'm probably wrong there, but I just don't understand how could someone have access to my account if I never provided my login in any shape or form. More so, someone using my account while I'm still actively using it myself.
Ultima modifica da Dax; 10 gen 2024, ore 15:34
#3
Maria 10 gen 2024, ore 15:39 
Messaggio originale di Dax:
That's what I don't get. I literally didn't give my credentials anywhere or bother with any links or trading websites. Especially since first time it happened, its been an extra layer of paranoia so I've been even more careful than ever, believing I might have accidentally used an unsecured trading website. I already revoked my APIs, I've changed my password multiple times, including my email one now. So its why I said backdoor, I know I'm probably wrong there, but I just don't understand how could someone have access to my account if I never provided my login in any shape or form. More so, someone using my account while I'm still actively using it myself.
Malware, probably.

It is not uncommon for the victims, either by giving away unknowingly or infected by malware to not realize what was going on.
#4
Teksura 10 gen 2024, ore 15:40 
There is a reason why we give you 5 steps to go through when securing your account. If you don't do all of them, whoever got into your account may still have access and can reestablish everything with the access you gave them the first time.

And nothing stops you from having multiple active login sessions. I don't know where you got that idea from. Have you ever logged in on your web browser before? Did you notice how you weren't kicked out of the Steam client?
#5
Muppet among Puppets 10 gen 2024, ore 15:41 
Do the 5 steps in the post above, and also check email and phone number on the steam account.
#6
Dax 10 gen 2024, ore 15:56 
Messaggio originale di Teksura:
There is a reason why we give you 5 steps to go through when securing your account. If you don't do all of them, whoever got into your account may still have access and can reestablish everything with the access you gave them the first time.

And nothing stops you from having multiple active login sessions. I don't know where you got that idea from. Have you ever logged in on your web browser before? Did you notice how you weren't kicked out of the Steam client?

Yes I did those 5 steps already.

Because Steam guard showed my approximate geolocation to confirm the login. So I assumed that there's something to stop from account being controlled from multiple geolocations and that it can maybe recognize that the phone and laptop inside same location as my computer indeed belong to me. Or completely new devices that doesn't recognize if it can acquire that information too. I mean, a Google account has those barrier set in place, I dunno if Steam has similar or not.
Not an expert, just my guess.
Ultima modifica da Dax; 10 gen 2024, ore 15:56
#7
Dax 10 gen 2024, ore 16:08 
Also I realized that they turned all of my trading cards and emotes into gems, and sold the gem sacks on market successfully for seemingly lot more than they normally cost.
Did a person did this or are bots advanced enough to do such actions this fast? Including selling items in bulk.
I'm gonna do checks for possible malware, so far I found none with Windows Defender.
#8
Pscht 10 gen 2024, ore 16:15 
They told you to use Malwarebytes. Reason is in the name.
#9
Dax 10 gen 2024, ore 16:38 
Messaggio originale di Pscht:
They told you to use Malwarebytes. Reason is in the name.

What is so special about it that that Windows Defender cannot do? Antivirus is an antivirus, no matter which one you use, from what I know. And I've read positive things about Windows Defender's efficiency.
#10
Maria 10 gen 2024, ore 17:26 
Messaggio originale di Dax:
What is so special about it that that Windows Defender cannot do? Antivirus is an antivirus, no matter which one you use, from what I know. And I've read positive things about Windows Defender's efficiency.
We are just trying to help you find the hole. If you didn't get phished by accidentally entering your credentials, then it must be malware. There is no backdoor on Steam's end. :greenarmor:

Choose who you'd rather to doubt. Your memory, or Windows Defender. Or both. Or would you rather join the other side and be convinced Steam has a data breach? :NorminGreen:

Even after Malwarebytes came up negative, I recommend you do a full reinstall of your windows and hope for the best. :green_grenade::shiva:
Ultima modifica da Maria; 10 gen 2024, ore 17:30
#11
Dax 10 gen 2024, ore 17:53 
Messaggio originale di Maria:
Messaggio originale di Dax:
What is so special about it that that Windows Defender cannot do? Antivirus is an antivirus, no matter which one you use, from what I know. And I've read positive things about Windows Defender's efficiency.
We are just trying to help you find the hole. If you didn't get phished by accidentally entering your credentials, then it must be malware. There is no backdoor on Steam's end. :greenarmor:

Choose who you'd rather to doubt. Your memory, or Windows Defender. Or both. Or would you rather join the other side and be convinced Steam has a data breach? :NorminGreen:

Even after Malwarebytes came up negative, I recommend you do a full reinstall of your windows and hope for the best. :green_grenade::shiva:

I know, I don't want to deny help.
But what else can I say, you can only take my word that I've only used Steam for its official market, the backpack.tf few times which is a decade-old and didn't cause any problems so far, and of course to play games. Spoke to no one and avoided links like plague even when not related to Steam as Discord has its fair share of phishing. Like I said, the first time it happened really made me more careful than ever, otherwise I would be a true idiot to not consider that extra carefulness.

Besides, I can be fully positive that Steam not asking for extra confirmation when items are sold under ~0.80 euros, has allowed hijackers to screw with my inventory. Unless I can change that in a setting I wasn't aware of.

Anyway, my windows could indeed use a refreshing system reinstall, you are right.
#12
Unn4m3d (♥AUT♥) 10 gen 2024, ore 20:56 
Messaggio originale di Dax:
the backpack.tf few times which is a decade-old and didn't cause any problems so far


Aaaand there you have it. Third Party Site. Of course, as usual, OP goes in denial before admitting it.


"So far not caused trouble" is meaningless, they can sit on your account for years before striking.
Ultima modifica da Unn4m3d (♥AUT♥); 10 gen 2024, ore 20:56
#13
Dax 10 gen 2024, ore 21:00 
Messaggio originale di Unn4m3d (♥AUT♥):
Messaggio originale di Dax:
the backpack.tf few times which is a decade-old and didn't cause any problems so far


Aaaand there you have it. Third Party Site. Of course, as usual, OP goes in denial before admitting it.


"So far not caused trouble" is meaningless, they can sit on your account for years before striking.

I kinda didn't want to say it so smartasses like you won't reply with "hurr durr there you go".

I don't know if backpack.tf had security issue or something recently, but it is a VERY well-known and reputable website in trading scene. Same with scrap.tf for example. I HIGHLY doubt it was the culprit, considering how many ppl used it and for how long.
Ultima modifica da Dax; 10 gen 2024, ore 21:01
#14
Unn4m3d (♥AUT♥) 11 gen 2024, ore 0:56 
Messaggio originale di Dax:
Messaggio originale di Unn4m3d (♥AUT♥):


Aaaand there you have it. Third Party Site. Of course, as usual, OP goes in denial before admitting it.


"So far not caused trouble" is meaningless, they can sit on your account for years before striking.

I kinda didn't want to say it so smartasses like you won't reply with "hurr durr there you go".

I don't know if backpack.tf had security issue or something recently, but it is a VERY well-known and reputable website in trading scene. Same with scrap.tf for example. I HIGHLY doubt it was the culprit, considering how many ppl used it and for how long.

Yes, all of those "well known reputable sites" are the ones hijacking accounts.

But sure, stay in denial. It's your account that will get compromised again if you keep using them.
Ultima modifica da Unn4m3d (♥AUT♥); 11 gen 2024, ore 0:58
#15
< >
Visualizzazione di 1-15 commenti su 26
Per pagina: 1530 50

Tutte le discussioni > Discussioni di Steam > Help and Tips > Dettagli della discussione
Data di pubblicazione: 10 gen 2024, ore 15:07
Messaggi: 26
Inizia una nuova discussione

Regole e linee guida per le discussioni