2FA Steam guard Hjacked :: Help and Tips

All Discussions > Steam Forums > Help and Tips > Topic Details

Morty Aug 22, 2024 @ 9:57am

2FA Steam guard Hjacked

Hello, some days ago i got hacked and my steam guard was transferd to another device. I lost my inventory but i dont care. I m more worried that they transfered the 2FA by sms, with my phone number!! i didnt gave the code to anyone. The thing im sure about it s that they got my credential and they made an API key. THAT explain half of the problem cause i know from valve support that they transfered the steam Guard with sms and codes sent to myh phone. I have the sms with the codes but i dont know how they could have access to it. I dont use apps that are not from the play store, and i think that hacking a phone is very hard. Doing all that truble to steal 100 euro of skins... pls help cause i dont trust my phone right now

< >

Showing 1-12 of 12 comments

magicISO Sweden Aug 22, 2024 @ 9:58am

Accounts are phished not hacked.

You gave away all your account details.

The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to the account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.

Morty Aug 22, 2024 @ 10:07am

yeah i know i gave away my credantial i recognize that
but i have contacted steam support and they said that my Steam Guard was removed by sms confirmation. With my number . Here the message from steam support.
Here are Steam's records related to this event:
2024-08-11 16:17:35 Start SMS-based transfer
2024-08-11 16:17:56 Transferred to new device using SMS code sent to +(My phone number).
So how the hacker got acces tho the codes sent to my phone?
i m sure that i didnt gave those codes to anyone because i didnt even know that i received those at the moment i realized one week after, when they took my inventory.

Morty Aug 22, 2024 @ 10:10am

they got me cause i installed this plugin some months prior https://chromewebstore.google.com/detail/cs2-trader-steam-trading/kaibcgikagnkfgjnibflebpldakfhfih?pli=1. But i know my mistake and its ok... the thing that worries me its how they got the codes sent by SMS to my phone.

Bloody Moon Aug 22, 2024 @ 10:13am

To access accounts protected by Steam Guard, you need the code generated by your mobile device.
You have probably logged into third-party sites, or on Discord from some scammer, or in any other way using your credentials and Steam Guard code. Steam does not have other sites besides this one, and accounts cannot be hacked. You should remember where you click and on which sites you agree to enter your credentials.

Bloody Moon Aug 22, 2024 @ 10:14am

Originally posted by Morty:
they got me cause i installed this plugin some months prior https://chromewebstore.google.com/detail/cs2-trader-steam-trading/kaibcgikagnkfgjnibflebpldakfhfih?pli=1. But i know my mistake and its ok... the thing that worries me its how they got the codes sent by SMS to my phone.

Plugins is not made by Valve.

Your account is compromised, follow this guide and clean your pc, stop sharing your login details and stop install phishing sofware.

1. Scan for malware https://www.malwarebytes.com/
2. Deactivate all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your mobile app https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Last edited by Bloody Moon; Aug 22, 2024 @ 10:16am

Morty Aug 22, 2024 @ 10:20am

are using presetted messages? U are saying all the same thing. I am asking this: How scammers could have access to my sms codes. Steam support said that the trasfer of steam guard was executed by sms and the sms were sent to my phone.
as said before:
Here are Steam's records related to this event:
2024-08-11 16:17:35 Start SMS-based transfer
2024-08-11 16:17:56 Transferred to new device using SMS code sent to +(My phone number).

Morty Aug 22, 2024 @ 10:22am

I gave away my credential sign in in a malicius website 6 month ago BUT i did not give sms codes to anyone. Because i didnt even realized at the moment what was going on.

Darkwave Dahlia Aug 22, 2024 @ 10:28am

Originally posted by Morty:
Hello, some days ago i got hacked

And this is where you're wrong.
You willingly gave away your login credentials.

Morty Aug 22, 2024 @ 10:33am

i said multiple times that i know i gave my credantial away.... I'm asking how it's possible that they moved two-factor authentication, which is done via text message. I contacted support and they told me that two codes were sent to my personal phone number. In fact I have the two codes that were sent to me. How did the scammers get these codes that were sent to my personal phone number via text message? .
Here are Steam's records related to this event:
2024-08-11 16:17:35 Start SMS-based transfer
2024-08-11 16:17:56 Transferred to new device using SMS code sent to +(My phone number).