All Discussions > Steam Forums > Help and Tips > Topic Details
This topic has been locked
foltix May 4, 2024 @ 1:22am
How can I secure my account after I got hacked?
Hey guys,
when I woke up, I saw, that tons of transaction has been made on my account.

I received 100+ emails saying that something got bought or selled.
I have some for me expensive skins and was shocked to see, that none of them got traded?

I also have steam guard enabled and got requests but didnt answer them (i was sleeping).

I checked to see if i have an api and it was, but i dont know, if it was the api for the trading check or if someone else was in there...

My question now is, how do i secure my account, so nothing happens?

I changed my password and deleted the api from my account.

Thank you
The author of this topic has marked a post as the answer to their question.
Click here to jump to that post.
Originally posted by Jerry:
Here's our usual "laundry list" for compromised accounts. Do all of it.

Deauthorize all devices https://store.steampowered.com/twofactor/manage
Change your password on a secure device.
Generate new back up codes. https://store.steampowered.com/twofactor/manage
Revoke the api key https://steamcommunity.com/dev/apikey
Check that the email and phone number on the steam account is still yours.

A malware check would not hurt either.

The most likely reason for this to happen is, that you logged into a phishing website. "Get 5 Dollar", "Vote for my Team", "I am giving away all my inventory"... that sort of crap. Don't do that.

And speaking of it:
Do never enter your Steam login details directly on other websites again. Instead, when a website (even if it seems to be a Steam profile or trade) asks for your Steam login, leave it, go to the main page of Steam (store.steampowered, maybe best to bookmark it too, so you don't fall for false main pages) and log in there. Then go back to the other website. A legitimate website now will show your account on the login page and will allow you to confirm it. A phishing page, that wants to do bad things to your account, will keep asking for your name and password.
< >
Showing 1-6 of 6 comments
The author of this thread has indicated that this post answers the original topic.
Jerry May 4, 2024 @ 1:26am 
Here's our usual "laundry list" for compromised accounts. Do all of it.

Deauthorize all devices https://store.steampowered.com/twofactor/manage
Change your password on a secure device.
Generate new back up codes. https://store.steampowered.com/twofactor/manage
Revoke the api key https://steamcommunity.com/dev/apikey
Check that the email and phone number on the steam account is still yours.

A malware check would not hurt either.

The most likely reason for this to happen is, that you logged into a phishing website. "Get 5 Dollar", "Vote for my Team", "I am giving away all my inventory"... that sort of crap. Don't do that.

And speaking of it:
Do never enter your Steam login details directly on other websites again. Instead, when a website (even if it seems to be a Steam profile or trade) asks for your Steam login, leave it, go to the main page of Steam (store.steampowered, maybe best to bookmark it too, so you don't fall for false main pages) and log in there. Then go back to the other website. A legitimate website now will show your account on the login page and will allow you to confirm it. A phishing page, that wants to do bad things to your account, will keep asking for your name and password.
#1
Unn4m3d (♥AUT♥) May 4, 2024 @ 1:27am 
Follow the steps in Post #1.
Do note that nobody "hacked" your account, you leaked your account information somewhere.
Last edited by Unn4m3d (♥AUT♥); May 4, 2024 @ 1:27am
#2
foltix May 4, 2024 @ 1:30am 
Originally posted by Jerry:
Here's our usual "laundry list" for compromised accounts. Do all of it.

Deauthorize all devices https://store.steampowered.com/twofactor/manage
Change your password on a secure device.
Generate new back up codes. https://store.steampowered.com/twofactor/manage
Revoke the api key https://steamcommunity.com/dev/apikey
Check that the email and phone number on the steam account is still yours.

A malware check would not hurt either.

The most likely reason for this to happen is, that you logged into a phishing website. "Get 5 Dollar", "Vote for my Team", "I am giving away all my inventory"... that sort of crap. Don't do that.

And speaking of it:
Do never enter your Steam login details directly on other websites again. Instead, when a website (even if it seems to be a Steam profile or trade) asks for your Steam login, leave it, go to the main page of Steam (store.steampowered, maybe best to bookmark it too, so you don't fall for false main pages) and log in there. Then go back to the other website. A legitimate website now will show your account on the login page and will allow you to confirm it. A phishing page, that wants to do bad things to your account, will keep asking for your name and password.
Thank you very much <3
#3
Josesayan5 Apr 23 @ 8:18am 
What do I do if my only devices are my phone and my laptop? I can't change Steam password from my phone

Also, used antivirus and removed a malware before changing password from my laptop. Is there something else I should do aside from the list?
#4
Maria Apr 23 @ 8:36am 
Originally posted by Josesayan5:
What do I do if my only devices are my phone and my laptop? I can't change Steam password from my phone

Also, used antivirus and removed a malware before changing password from my laptop. Is there something else I should do aside from the list?
What's stopping you from changing password from mobile? Don't you have steam mobile app installed?
#5
Eli Apr 23 @ 11:22am 
This thread was quite old before the recent post, so we're locking it to prevent confusion.
#6
< >
Showing 1-6 of 6 comments
Per page: 1530 50

All Discussions > Steam Forums > Help and Tips > Topic Details
Date Posted: May 4, 2024 @ 1:22am
Posts: 6
Start a New Discussion

Discussions Rules and Guidelines