You leaked your login data or your mail is compromised.

Follow steps 1-6 to secure your account:

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Regarding items:
https://help.steampowered.com/faqs/view/3B6E-B322-2400-8D24

Keep in mind that hijack might have happened a long time ago and they simply waited.

There has being no security breach. You gave away all your account details.

The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to the account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.

Or please explain how in 19+ years i have never lost access to my account and that includes before Steam Guard Email and Steam Guard Mobile existed.

Also, you might want to change all passwords for any email accounts associated with those Steam accounts.

Originally posted by WayneDunlap:

My main is fine

I wouldn't bet on it. You may be compromised there and not yet realise it. If multiple accounts are affected then it's safe to assume that all are and if something in your main is worthwhile to the scammers then they will do their utmost best not to expose themselves or that the account is shadow-hijacked.

This sounds very much like a severely compromised device. You should check all the devices you use to access your Steam accounts for malware and such. You might need to be thorough.

Originally posted by J4MESOX4D:

Originally posted by WayneDunlap:

My main is fine

I wouldn't bet on it. You may be compromised there and not yet realise it. If multiple accounts are affected then it's safe to assume that all are and if something in your main is worthwhile to the scammers then they will do their utmost best not to expose themselves or that the account is shadow-hijacked.

All my alts had like no protection on them. I changed the password and have the authenticator on it now.

I just want to know how

Originally posted by Crazy Tiger:

This sounds very much like a severely compromised device. You should check all the devices you use to access your Steam accounts for malware and such. You might need to be thorough.

I just want to know how tho, I checked my device with windows defender and maleyrebytes several times and nothing.

And it happened to accounts that I haven't used in a year

Originally posted by JPMcMillen:

Also, you might want to change all passwords for any email accounts associated with those Steam accounts.

Did that off rip in the panic

Originally posted by WayneDunlap:

Originally posted by J4MESOX4D:

I wouldn't bet on it. You may be compromised there and not yet realise it. If multiple accounts are affected then it's safe to assume that all are and if something in your main is worthwhile to the scammers then they will do their utmost best not to expose themselves or that the account is shadow-hijacked.

All my alts had like no protection on them. I changed the password and have the authenticator on it now.

I just want to know how

If you had no protection then your device is likely infected with capture-based malware and the scammers could then instantly login their end. Also just because your main may have protection doesn't mean it is safe - 2FA is just an extra security layer. You should probably do the steps given in the first response on that one too.

Originally posted by Nx Machina:

There has being no security breach. You gave away all your account details.

The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to the account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.

Or please explain how in 19+ years i have never lost access to my account and that includes before Steam Guard Email and Steam Guard Mobile existed.

How did I give away my details from an account I made a year ago and only used for a couple hours?

The only plausible thing is malewayre but I checked my pc a million times

Originally posted by WayneDunlap:

Originally posted by Nx Machina:

There has being no security breach. You gave away all your account details.

The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to the account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.

Or please explain how in 19+ years i have never lost access to my account and that includes before Steam Guard Email and Steam Guard Mobile existed.

How did I give away my details from an account I made a year ago and only used for a couple hours?

The only plausible thing is malewayre but I checked my pc a million times

Were all these accounts bound to the same email and did you have the same password for all?

Originally posted by J4MESOX4D:

Originally posted by WayneDunlap:

All my alts had like no protection on them. I changed the password and have the authenticator on it now.

I just want to know how

If you had no protection then your device is likely infected with capture-based malware and the scammers could then instantly login their end. Also just because your main may have protection doesn't mean it is safe - 2FA is just an extra security layer. You should probably do the steps given in the first response on that one too.

Yeah I did, is windows defender scans and malewayre byte scans enough? Because nothing was found

Originally posted by J4MESOX4D:

Originally posted by WayneDunlap:

How did I give away my details from an account I made a year ago and only used for a couple hours?

The only plausible thing is malewayre but I checked my pc a million times

Were all these accounts bound to the same email and did you have the same password for all?

They were all different emails I had but the password was the same

Originally posted by WayneDunlap:

How did I give away my details from an account I made a year ago and only used for a couple hours?

The only plausible thing is malewayre but I checked my pc a million times

If it's deeply rooted only sure way is c:format and OS clean reinstall. Or associated mail is compromised and they had access to everything connected to it.