Hey, friends. I'm new to the forum and would appreciate some discussion/healthy criticism.

My account got hacked one week ago, with the hacker clearing all my Steam Wallet balance and trying (but failing) to wipe out all my CS2 inventory. I logged in while he was listing my inventory items on the community market, so I reset everything before it was way too late.

Upon reflection, the most likely source of the security breach was that I downloaded malware from an unreliable website.

In my previous deleted post, the below statement received multiple doubts, but I stand by my words:

I never gave away my Steam Guard code or clicked any "confirm" before the account compromise, but the hacker had:

1. My Steam account;
2. Steam password;
3. My linked email account;
4. Email password; and
5. Control over my computer's C drive.


I am not able to prove myself of not doing certain things. Those "burden of proof" stuff, you know. Still, it was NOT a "vote for some team" incident - one key thing to note is that he did not trade all my valuable skins, but only bought and sold from the community market. For trading, confirmation is a must; for the community market, I'm not so sure.

Also, there was no change of credentials. My Steam was still linked to my email, and the password was not changed. That is not what a phishing scammer would allow unless he felt particularly merciful that day.

FYI, he first logged into my Gmail, my PayPal, then LinkedIn, Reddit...illegal transaction, harassing my friends, you name it. I had to call my bank and change passwords for 300+ different accounts. He made me reincarnate my stupid self after this. It was way bigger than some vote-for-team phishing scam.

The thing is, many other companies identified suspicious activity and helped me freeze my accounts there, including Amazon and Reddit, but not PayPal and, unfortunately, not Steam. I was not even by my phone when it all started, and when I checked my Steam Guard App, it appeared that over 100 more unrecognized devices were approved to access my account. I felt like a ♥♥♥♥♥.

How could he have done all those login approvals, let alone community market sales, if I had yet to give away my Steam guard information?

Also, could Steam's confirmation mechanism in the Community Market be improved? Sometimes, I need confirmation for a 0.5-dollar item, but a 10-dollar item is confirmation-free.

Moreover, selling a $0.04 skin for $200 is suspicious, at least, and should receive an automatic ban, stopping further transactions. That could save lives. Seriously.