All Discussions > Steam Forums > Help and Tips > Topic Details
PanTovarnik Aug 13, 2024 @ 5:08am
Hacked account without email confirmation or steam guard confirmation
About 30 minutes ago, I received a notification on my Steam Guard app indicating that I was selling some items from Rust. I immediately checked my email for any confirmation messages but found nothing. The same was true on the Steam Guard app. A few seconds later, an email popped up showing that I had sold 25 items and purchased 2 others—two useless Dota 2 cards, each costing €1, but worth only €0.03.

While this isn’t a significant financial loss, I’m really frustrated because I have no idea how the hacker accessed my account. I’m also curious to know if Steam can ban the person I bought these items from, as I believe that’s the hacker.
< >
Showing 1-1 of 1 comments
Ettanin Aug 13, 2024 @ 5:16am 
You exposed your login credentials:
a) Either by logging into a site that faked a Steam login and made a bot log into your account using the save password as well as the trust device feature while injecting a Steam API access into it.
b) Or by installing malware that stole your session data or injected a keylogger.
c) Or by using outdated login information that got exposed in a leak.
d) Or by falling for a Steam Support impersonation scam on Discord or similar platforms.

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Ensure your email address and/or password aren't contained in any public breaches:
- Email: https://haveibeenpwned.com/
- Password: https://haveibeenpwned.com/Passwords
-- If they are contained in any public breaches ("oh no, pwned!"), change your email account's password from a secure computer before proceeding.
-- If that happens, you may want to secure other accounts than just Steam.
-- Consider using mobile two-factor authentication on your e-mail address if your e-mail provider supports it.
4. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
5. Change passwords from a clean computer
6. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
7. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
8. Change your trade link: Profile > your inventory > trade offer > Who can send me trade offer > scroll down and make a new trade link.
9. If points were stolen within 14 days, reset your Steam password (not change, RESET using Forgot Password) to cancel pending awards.
10. Once you have done all of the above steps, edit your profile to get rid of the fake message planted by the scammer (if it exists).

Be aware that Steam Support will not restore stolen items nor stolen wallet funds.
In accordance with Section 1 C of the Steam Subscriber Agreement, you are responsible for all actions on your account, no matter who used the account.

Valve employees will never communicate with you about your account using any chat system including Steam Chat and Discord. There's no situation in which you'd need to reach out to a Valve or Steam employee directly to resolve an issue.

The ONLY way you can contact Steam support and through which you will receive official answers is through https://help.steampowered.com and no other way.
#1
< >
Showing 1-1 of 1 comments
Per page: 1530 50

All Discussions > Steam Forums > Help and Tips > Topic Details
Date Posted: Aug 13, 2024 @ 5:08am
Posts: 1
Start a New Discussion

Discussions Rules and Guidelines