All your items are lost !!

On some day you had got fooled/tricked by scammers so to given away your steam account credentials on some fake and/or phishing website/link literally, so even the QR and/or SteamGuard codes got cloned for them and/or simply becoming bypassed ..

So, if you logged in into a scam/phishing site, you gave away all of your Steam Account credentials and login informations. A bot creates and places an API-key into your Steam account and therefore get semi-full access to it. This API-key grants remote access for developers or in your case for the scammer & hijacker.

Hundreds and thousands of Steam Accounts become hijacked like this on a DAILY BASIS, cuz of greed .. using account credentials and security measures without a brain ..

Your hijacked items are lost..!

Here, work through that list if you havent yet:


Stay cool!! They have gained access to your Steam account!!

You have been fooled/tricked by scammers/hijackers to give away your login credentials on some fake and/or phishing website, link or similar!!

Many scams try and scare you into trading your items and they become hijacked !!
Hijacked money and items will NOT be recovered by Steam Support since 2015 !!

https://help.steampowered.com/en/faqs/view/3B6E-B322-2400-8D24

1. Scan for malware:
   https://www.eset.com/int/home/online-scanner/
   
   
2. Change your E-Mail Account password from a trusted/clean computer or device!!
   
   
3. Check, if your E-Mail address and Phone number are still correct:
   https://store.steampowered.com/account/
   
   
4. Revoke/Delete the API key, there should be a blank field in the APIKEY section:
   https://steamcommunity.com/dev/apikey
   
   
5. Immediately deauthorize all devices - this logs you out of Steam:
   https://store.steampowered.com/twofactor/manage
   
   
6. Change Steam Account password from a trusted/clean computer or device!!
   
   
7. Generate new backup codes:
   https://store.steampowered.com/twofactor/manage
   
   
8. Deauthorize all devices again:
   https://store.steampowered.com/twofactor/manage
   
   
9. Re-check the APIKEY section & report all involved scammer/hijacker on associated platform/s!!

https://help.steampowered.com/en/faqs/view/4D07-D139-587C-2080

1. Report Player
   
2. They are involved in theft, scamming, fraud or other malicious activity
   
3. They are engaged in item theft or scamming
   or: They are trying to steal my account or information
   
4. Submit this account for review
   
5. "your personal text"

• https://help.steampowered.com/en/wizard/HelpWithAccountStolen
  
  
• https://help.steampowered.com/en/faqs/view/0A94-F308-34A5-1988

https://steamcommunity.com/sharedfiles/filedetails/?id=1126288560


https://help.steampowered.com/en/faqs/view/70E6-991B-233B-A37B


Also check from where your account was being accessed from:
https://help.steampowered.com/en/accountdata/SteamLoginHistory


Open a Support Ticket, Steam Support might help localizing the hijacker:
https://help.steampowered.com/en/wizard/HelpAccountDataQuestion


Here is more account related data to find:
https://help.steampowered.com/en/accountdata/


Good Luck !!

i have never traded any skins in my life, or clicked links for trades of other people/sites or whatever...


I do have those websites that gets info for our matchs, leetfy and such
are those a possibility?

Other then that, without considering these links
is there any other way/virus that could bypass all of that? it simply makes no sense steam has such a weak security system and yet, does nothing about it

Yes, they are very much a possibility.

Steam itself is secure. You're the leak. You are literally the only one that can leak all account credentials as Steam does not store passwords. Only a HASH (comparable to a fingerprint) that is scrambled with a SALT function.
Which is pretty standard stuff.

So Steam can verify that the password you entered is correct without ever knowing what the password actually is.
That means, they can't leak the password to someone.
Which in turn means, you did. At some point you leaked your credentials and let someone into your account.

You gave away all your Steam login credentials ... just read the other dozens of daily threads like this ... it usually begins through Discord and/or a (fake/scamming) trading site ...

Malware as a keylogger or trojan could be a (RARE) possibility ...

I understand that it has to be a leak somewhere and that 99% of the time is the user itself...I just don't get how it happened and how easy it was to hackers to do all that
I mean, in about 5 minutes, they bought random items and sold arround 150 items...shouldn't that raise a SINGLE flag to the steam? Come on, we don't even have a multi-selling way of doing this, isn't it obvius that it is a bot doing it? haha


-------
Anyway:

I followed the steps above, and almost everything is clear
the malware scan got me this:
C:\Users\Ricardo\AppData\Roaming\Kusa\UIxMarketPlugin.dll Win32/Agent.AGCN trojan
C:\Users\Ricardo\Desktop\torrent\1.4.0\UIxMarketPlugin.dll Win32/Agent.AGCN trojan

(any of those is a well known trojan that could be the cause?)

and I had no API Keys registered...the leetfy/match thing I said earlier only uses my ID (public info as far as I know)

Oh, and as I said earlier...never traded or tried to trade anything via steam nor clicked any "trade links"

Originally posted by Retalhador:

Oh, and as I said earlier...never traded or tried to trade anything via steam nor clicked any "trade links"

You've allowed yourself to become compromised somehow previous whether you realise it or not. Only way for someone to get into your account is with the all the credentials including a code (previous) or via a phone confirmation. May users have been shadow-hijacked spanning months and even longer so it's possible hijackers have been sitting idle on your account for a very long time and only striking now.

Have you used any 3rd party sites?

What kind of 3rd party sites?

I use leetfy, mas it only takes the Steam ID...never used any kind of trade skins site or whatever


Obs: I have 2 steam accounts on my computer (email account, tibia account, epic games and other sutff as well), only 1 of them got affected...that makes me think it's not a malware on my computer...(I posted above the 2 malweres that were found)

Originally posted by Retalhador:

What kind of 3rd party sites?

I use leetfy, mas it only takes the Steam ID...never used any kind of trade skins site or whatever


Obs: I have 2 steam accounts on my computer (email account, tibia account, epic games and other sutff as well), only 1 of them got affected...that makes me think it's not a malware on my computer...(I posted above the 2 malweres that were found)

Either you gave away your credentials or they were captured with tailored malware. It's one or the other. If the person running the trojan targeted you for the purpose of your Steam then that could very well be the source. Having that on your PC alone is not good at all regardless.

Having what on my PC?sorry, I missed the point.
do you mean the connection with the leetfy website?having multiple steam accounts?
or having those 2 malware I said earlier


if someone has my credential, they were stolen for sure.

Follow-up question: tomorrow, will I be able to see where my steam was logged to make all these transactions? in the recent login page, it updates every day, so, someone/something logged onto it, right?

If you havent yet secure your account/s as mentioned above and do a full fresh & clean reinstall of your OS. Not a recovery, nor to roll a backup ...