Security Issue and Policy Concern Regarding Steam Guard Mobile Authenticator
I have recently been hacked and noticed an issue with the Steam Guard Mobile Authenticator process. I received an email titled "Steam Guard Mobile Authenticator device changed" which went to my junk folder, so I didn’t see it in time. This email prompted me to perform an action to lock my account if I wasn’t the one making these changes, which seems to be the wrong approach.

Shouldn’t these security emails be designed to require approval to make the change rather than to deny it? This way, users who did not request a change are protected from unauthorized activity if they don’t check their email every second or are unable to check their email (such as when they are on vacation or the internet is down). This approach is similar to how banks handle sensitive actions, where you must confirm any changes. I believe this policy needs to be updated to better protect users.

I have just had over $500 worth of items stolen from me. One because I authorized my account thinking that was what we needed to do to secure my account, and two because I didn’t check my spam folder for an email denying a change I didn’t make (so why would I be looking for this email?).

I’m being told there is nothing they can do or recover my items… this is a terrible policy. Steam does not care about its customers or security.
Showing 1-15 of 21 comments
ReBoot 24 August 2024 at 9:17
Find your security hole first & foremost. Suggesting changes before even finding out WTF went wrong in the first place is, frankly, dumb.
Nx Machina 24 August 2024 at 9:20
Accounts are phished not hacked.

You gave away all your account details.

The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to the account.

How? By either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, the you have a pending ban scam on Discord, the free knife click the link scam etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access to your account.

Or please explain how in 19+ years I have never lost access to my account, and that includes before Steam Guard Email and Steam Guard Mobile existed.
OrganizedChaos 24 August 2024 at 10:06
I’m trying to understand how my account was compromised. I have been out of town for two months, and the only Steam-related service I accessed during this time was Twitch. I only logged back into my Steam account last week, and aside from using the Steam client and app on my phone, I have not accessed Steam from any other platform. Given that the only other service connected to my Steam account is Twitch, could this be a potential source of the breach?

I have since changed my password and email, but I did not receive any notifications on my phone about any access to my accounts. The email regarding the Steam Guard Mobile Authenticator change ended up in my spam folder. If I had seen this email in time, I would have denied the unauthorized change. As I only just returned and everything seemed normal until I investigated this morning, I believe that requiring explicit approval for such changes—rather than just allowing denial—would significantly enhance security. My breach would have automatically been denied, as I didn't receive the notification in my inbox but in my junk mail and was not looking for it.
OrganizedChaos 24 August 2024 at 10:37
Originally posted by A no-brainer:
Originally posted by OrganizedChaos:

I have just had over $500 worth of items stolen from me. One because ...

...you gave away your data or you installed malware. I hope you secured your devices and followed all the steps.

One you should educate yourself about the possible ways you got a virus or your data phished and two Valve has made so, so many changes and piled one security measure onto the next in the last few years and still people give away their accounts and their items. You only ask for this feature to shift blame to Valve for what happened. As far as I know the scammer could have had access to your email anyway and confirmed whatever was needed.

I understand your frustration. Valve in the past recovered items and then people traded their stuff away and pretended to be "hacked" and they had to stop.

Valve is a company, so not our friend, but for money reasons they do care about their customers and security, that's why we have complaints over complaints on the forums on how much security there is now and "why do I have to wait", "why do I have to use a phone app", "why do I have to confirm so much", "why does my trade still getting hold" .... They have to stop somewhere, a balance between keeping the system usable and security.

I currently have a trade in progress from two days ago that is still on hold, while a fraudulent trade initiated the next day was processed without any hold. This trade involved all of my in-game items and was completed without my authorization or knowledge. I was actually online and playing a game at the time of the transaction, and I had not gotten any notifications about it like I did when my friend was sending me a gift that I had to approve and accept.

I did not receive any notifications for this fraudulent trade at all; I wouldn't even have known had I not tried to skin something this morning. Then I went searching my emails and found the email to deny the Steam Guard Mobile Authenticator change, which unfortunately ended up in my spam folder and was unopened. I have not authorized any transfers or trades on that account at all, and the only reason the fraudulent trade went through without a hold is that both I and the scammer were apparently authorized (I think they should have the one-day hold like they do for friends).

I have set up all recommended security measures, but it seems these precautions may have inadvertently allowed the instant transfer of my items to the scammer. I am unsure what additional steps I could have reasonably taken to prevent this situation, as I was not aware that I needed to look for an email to deny such changes. The only account that is connected to my Steam account is my Twitch account; I don't know if that's where the information got phished. This approach feels backward, as if I had to confirm, not deny, the change, it would never have gone through.
Crazy Tiger 24 August 2024 at 10:48
Originally posted by OrganizedChaos:
I’m trying to understand how my account was compromised.
Phishing or malware. It's always one of those two. It's also usually so that the actual compromising of the account happens long before people realise something happened. That way people forget they accidentally authorised access.
J4MESOX4D 24 August 2024 at 10:52
Steam's security is fine. What is not fine is users still allowing themselves to be compromised even with all measures in place and then Valve adding even more draconian measures. Somewhere along the line you gave away your credentials - whether to a phishing site or by allowing them to be captured by tailored malware.

Accounts are not 'hacked' either and there has been no record ever of a brute-force entry on this platform on any account. I very much doubt you'd be the first in over 100,000,000.
OrganizedChaos 24 August 2024 at 11:02
Originally posted by ReBoot:
Find your security hole first & foremost. Suggesting changes before even finding out WTF went wrong in the first place is, frankly, dumb.

The only issue I can identify is that I missed the denial email from Steam regarding the authentication change. I wasn’t expecting any such email because I didn't initiate any changes, and the email ended up in my spam folder. I’ve since whitelisted Steam emails to prevent this from happening again. Normally, I receive all marketplace emails without any issues.

I haven’t shared my information or clicked on any links that I’m aware of. The only non-Steam account linked to my Steam account is Twitch, so it’s possible that information might have been compromised there, although I’m not certain. If the email had been an approval rather than a denial, I would likely be in a different situation, as the change would have been denied by default due to my lack of response. I was actively playing a game when this happened and did not receive the usual notifications related to trading items.

I’ve already updated all my passwords, a step I had taken about four months ago after an email compromise on my son’s account prompted us to change passwords across all our accounts.
J4MESOX4D 24 August 2024 at 11:08
Originally posted by OrganizedChaos:
Originally posted by ReBoot:
Find your security hole first & foremost. Suggesting changes before even finding out WTF went wrong in the first place is, frankly, dumb.

I’ve already updated all my passwords, a step I had taken about four months ago after an email compromise on my son’s account prompted us to change passwords across all our accounts.
You may want to speak with your son and further assess that compromise. Also changing passwords is not enough especially on the likes of Steam because doing this when scammers have session access saved is the same as changing your locks on a house with burglars still inside.

The recommended steps for securing a Steam account are these:

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
Yujah 24 August 2024 at 11:15
Originally posted by OrganizedChaos:
Shouldn’t these security emails be designed to require approval to make the change rather than to deny it.
There would then supposedly be issues again with e.g. not being able to change a no longer accessible email address.

Other than that your notion would seem to make sense and if you can come up with justification that the current system's problems are worse, I'd post it in the Suggestions / Ideas forum.
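The OP's proposal (a change must be confirmed, not denied) and Yujah's caveat (an owner who can no longer read the old e-mail can never confirm) are two outcomes of the same design choice: fail-open versus fail-closed. The Python below is an illustration added here, not code from Steam or from anyone in the thread; it models both e-mail policies on a constructed timeline, and the 72-hour response window is an assumed value.

```python
from dataclasses import dataclass
from enum import Enum, auto
from typing import Optional

class Policy(Enum):
    DENY_WINDOW = auto()       # change takes effect at once; owner may lock/revert within the window
    APPROVE_REQUIRED = auto()  # change waits; it takes effect only once the owner confirms

WINDOW_HOURS = 72.0  # assumed length of the response window (not a Steam value)

@dataclass
class ChangeRequest:
    requested_at: float                  # hours on a constructed timeline
    response: Optional[str] = None       # "approve", "deny" or None (e-mail unseen, e.g. in spam)
    responded_at: Optional[float] = None

def state(req: ChangeRequest, policy: Policy, now: float) -> str:
    """State of an authenticator change at time `now` under the given policy."""
    answered = req.responded_at is not None and req.responded_at <= now
    resp = req.response if answered else None
    in_time = answered and (req.responded_at - req.requested_at) < WINDOW_HOURS
    window_open = now - req.requested_at < WINDOW_HOURS
    if policy is Policy.DENY_WINDOW:
        if resp == "deny" and in_time:
            return "reverted"
        return "applied"                 # fail-open: silence (or a late deny) leaves the change in place
    if resp == "approve" and in_time:
        return "applied"
    if resp == "deny":
        return "rejected"
    return "pending" if window_open else "expired"   # fail-closed: silence cancels the request

def compare_policies(now: float = 120.0) -> dict:
    """Constructed scenarios from the thread, evaluated after the window has closed."""
    scenarios = {
        "attacker_request_email_in_spam": ChangeRequest(0.0),               # OP's case: never seen
        "attacker_request_owner_denies_late": ChangeRequest(0.0, "deny", 96.0),  # seen three days on
        "owner_request_confirmed": ChangeRequest(0.0, "approve", 1.0),
        "owner_request_lost_email_access": ChangeRequest(0.0),              # Yujah's caveat: same signal
    }
    return {name: {p.name: state(req, p, now) for p in Policy} for name, req in scenarios.items()}
```

Note that the server sees identical input for the attacker-in-spam and lost-email-access scenarios, so whichever policy is chosen, one of those two users loses.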
OrganizedChaos 24 August 2024 at 12:08
Originally posted by J4MESOX4D:
Originally posted by OrganizedChaos:

I’ve already updated all my passwords, a step I had taken about four months ago after an email compromise on my son’s account prompted us to change passwords across all our accounts.
You may want to speak with your son and further assess that compromise. Also changing passwords is not enough especially on the likes of Steam because doing this when scammers have session access saved is the same as changing your locks on a house with burglars still inside.

The recommended steps for securing a Steam account are these:

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Thank you; this was the most helpful comment. I ran a scan and detected one threat, so that might be the issue. We’ve discussed security with my son, but he only uses his own computer. Whenever there's a compromise, we change everything, even if the account isn't directly affected. I updated all our passwords this morning and have addressed all the other items on the list. We also took similar precautions with my son's account about four months ago, just to be safe.

I wish there were a way to cancel the trade since it’s less than 24 hours old—actually, it’s less than 12 hours old. I don’t understand why there was no hold on this trade, especially when there was a hold on a recent trade with a trusted friend. What frustrates me is that I was actively online and playing when the trade occurred, but I received no notifications from Steam, unlike when I trade with trusted friends. Normally, there’s an alert message that pops up and dings even if I’m in-game. I don’t know why none of that happened. I can also see the notifications from my friend's trade in my notifications, but there is NOTHING for the fraudulent transaction; how is that possible?

I feel very defeated. I thought my account was secure with all the authentication measures in place. Now, with over $500 worth of in-game items gone in an instant and no assistance in recovering anything, it’s disheartening. After 15 years of having this account with no issues, it’s incredible that there’s no way to get help.
davidb11 24 August 2024 at 12:49
The reason there is no help per se is because this is an issue on your end, not Steam's end.
Phishing and malware are how this happens.

Not sure why the spam folder would grab the Steam thing, might want to check how bad your e-mail service is, if it thinks that's spam.
OrganizedChaos 24 August 2024 at 17:50
Originally posted by davidb11:
The reason there is no help per se is because this is an issue on your end, not Steam's end.
Phishing and malware are how this happens.

Not sure why the spam folder would grab the Steam thing, might want to check how bad your e-mail service is, if it thinks that's spam.

I don’t understand why this trade was instant—no notifications, no hold period, nothing. Every trade I’ve made has had a 14-day hold period; even trades between our family accounts have a 24-hour hold. I have a trade that’s on hold currently that’s legitimate. Please can someone tell me how to make that trade instant, or is it only scammers that get rewarded with instant transfers? I became aware of the issue less than 6 hours after it happened, and I’m being told that nothing can be done to help me. I can see the account where all my items went, and I know they can see the transactions. If the items have only been traded to the scammer, why can’t they stop it? It feels like they just won’t do anything.
Crazy Tiger 24 August 2024 at 18:02
If they changed the mobile auth longer than 7 days ago, trades are instant, yes.

Items are not returned. You can blame your fellow gamers who abused and misused the previous policy for that. The item restoration policy as it is: https://help.steampowered.com/en/faqs/view/3B6E-B322-2400-8D24

If you're expecting to get the items back, you're having wrong expectations here.
OrganizedChaos 24 August 2024 at 18:12
Originally posted by Crazy Tiger:
If they changed the mobile auth longer than 7 days ago, trades are instant, yes.

Items are not returned. You can blame your fellow gamers who abused and misused the previous policy for that. The item restoration policy as it is: https://help.steampowered.com/en/faqs/view/3B6E-B322-2400-8D24

If you're expecting to get the items back, you're having wrong expectations here.

It wasn’t, though; it happened on the 21st, that’s what the email is dated. That’s only 3 days ago.
OrganizedChaos 24 August 2024 at 18:27
Originally posted by Crazy Tiger:
If they changed the mobile auth longer than 7 days ago, trades are instant, yes.

Items are not returned. You can blame your fellow gamers who abused and misused the previous policy for that. The item restoration policy as it is: https://help.steampowered.com/en/faqs/view/3B6E-B322-2400-8D24

If you're expecting to get the items back, you're having wrong expectations here.

The trade happened instantly last night (8/23) at around 11 PM to a level 1 account. The email to deny the change of authentication is dated 8/21, so it was less than three days ago. It seems clear that nothing will be done to help. I want to understand why there was no hold or any other security measure in place, especially when every other trade I’ve made has had a hold and at least one confirmation notification. This was a trade of 178 items instantly to a new level 1 account I’ve never interacted with before… you would think that would set off some red flags… I’ve never had any issues with my account until I set up authentication about four months ago; I’ve had this account for 15 years, and we updated everything to ensure security.
Date posted: 24 August 2024 at 8:53
Posts: 21