COACH Aug 23, 2024 @ 1:12am
Fake QR code scam
So I was trying to show my friends my Leetify account and stats. I googled Leetify, first result, clicked it. Chose to scan the QR code on the site through the steam apps QR code login feature, but nothing happened. I soon realized that I did not make my Leetify account with steam, but faceit, however there was not a faceit login option... my heart sank.

What happens if I scanned the QR code, but nothing was sent to me via SMS or email or steam app to approve any logins? After scanning the QR code, nothing happened. I scanned again, nothing happened. Zero sms, email, or steam app notifications that typically give me a code or require me to approve the login from a specific location by clicking the big green APPROVE button that appears in the steam app. the QR code I believe "blurred" out on the fake login page or something to that effect, but other than that, nothing triggered on my end, and I did not get requested to approve the login.

After this, I realized that the page was a SPONSORED fake page on Google (shame on you Google)

So I reset my password, logged out of all devices, cleared mobile authenticator and created a new one like 10 times over the last 24 hours at random times (all verified with my sms texts and cross referenced to the total times I did this vs the number of deactivated and activated emails sent to me), my API key section was empty as I do not trade things online outside of steam, reset my trade link just in case, and finally generated 30 one time backup codes which I wrote down manually like a 65 year old setting up their internet password for the first time.

Would that mean everything should be good? Maybe at least a 15 day trade ban and 15 days of painful stupidity-induced anxiety? From what I have read online, on here and other forums, it seems like the steps I took AFTER messing up are the best one can do to prevent account issues, however due to it being the steam QR code, I am worried that despite not approving or giving any codes to anyone after the two scans, they can somehow still be within the walls of my account waiting to strike.

Anyways,

All the best, and thanks for taking the time to read.
< >
Showing 1-3 of 3 comments
J4MESOX4D Aug 23, 2024 @ 1:32am 
Make sure you've deathorised all other devices too https://store.steampowered.com/twofactor/manage
COACH Aug 23, 2024 @ 2:15am 
I did this about 3 times, twice from my phone and once from my pc my wording of "logged out of all devices" was not very clear. Other than that, how do you think I fair?

Thanks for the response!
Aluvard Aug 23, 2024 @ 2:52am 
If you did all steps below, your account should be safe (in your case malwarebytes scan is optional).
1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
< >
Showing 1-3 of 3 comments
Per page: 1530 50

Date Posted: Aug 23, 2024 @ 1:12am
Posts: 3