Originally posted by xExertion:

There is a huge security issue with STEAM.

I was recently scammed of all of my items by directly creating a trade request on STEAM to my ALT account through faceit.

Despite directly creating a trade request with my ALT account, I was hacked and the trade offer went to someone else.

I was invited to join FACEIT League, never tried, they showed me some process to join their FACEIT League (directly on faceit). Then I got some bot check error saying I need to trade more.

So they advised me to create a trade request with my alternate account in order to get through this check.

Despite creating the trade request directly on steam application, they were able to intercept this trade and route the trade to their account instead of my alternate acocunt.

How are they able to intercept trade requests despite directly creating them via steam?

This is a huge security gap and I lost around $1k in value (I have a job so no biggie) but still this is quite upsetting.

The security risk was not Steam. It was you.

You entered in your account information into a fake login page.

Originally posted by cSg|mc-Hotsauce:

Originally posted by xExertion:

There is a huge security issue with STEAM.

I was recently scammed of all of my items by directly creating a trade request on STEAM to my ALT account through faceit.

Despite directly creating a trade request with my ALT account, I was hacked and the trade offer went to someone else.

I was invited to join FACEIT League, never tried, they showed me some process to join their FACEIT League (directly on faceit). Then I got some bot check error saying I need to trade more.

So they advised me to create a trade request with my alternate account in order to get through this check.

Despite creating the trade request directly on steam application, they were able to intercept this trade and route the trade to their account instead of my alternate acocunt.

How are they able to intercept trade requests despite directly creating them via steam?

This is a huge security gap and I lost around $1k in value (I have a job so no biggie) but still this is quite upsetting.

The security risk was not Steam. It was you.

You entered in your account information into a fake login page.

:nkCool:

Actually, I never entered in my account information into anything. I simply created a trade request to my ALT account. Somehow they were able to expose a security backdoor on FACEIT League Premier where if you join their league, somehow they are able to intercept trade requests.

Originally posted by cSg|mc-Hotsauce:

Originally posted by xExertion:

There is a huge security issue with STEAM.

I was recently scammed of all of my items by directly creating a trade request on STEAM to my ALT account through faceit.

Despite directly creating a trade request with my ALT account, I was hacked and the trade offer went to someone else.

I was invited to join FACEIT League, never tried, they showed me some process to join their FACEIT League (directly on faceit). Then I got some bot check error saying I need to trade more.

So they advised me to create a trade request with my alternate account in order to get through this check.

Despite creating the trade request directly on steam application, they were able to intercept this trade and route the trade to their account instead of my alternate acocunt.

How are they able to intercept trade requests despite directly creating them via steam?

This is a huge security gap and I lost around $1k in value (I have a job so no biggie) but still this is quite upsetting.

The security risk was not Steam. It was you.

You entered in your account information into a fake login page.

:nkCool:

I don't know if you passed elementary school reading, but your comments clearly show you didn't understand what my post mentioned and how they were able to backdoor my inventory.

Originally posted by xExertion:

Originally posted by cSg|mc-Hotsauce:

The security risk was not Steam. It was you.

You entered in your account information into a fake login page.

:nkCool:

Actually, I never entered in my account information into anything. I simply created a trade request to my ALT account. Somehow they were able to expose a security backdoor on FACEIT League Premier where if you join their league, somehow they are able to intercept trade requests.

There is no "FACEIT League Premier", it never existed, and when they asked you to trade your items, that was to get you to trade so they could cancel it, and send another one, with all of your items, to their account WHILE INSIDE YOURS.

Originally posted by xExertion:

Actually, I never entered in my account information into anything. I simply created a trade request to my ALT account. Somehow they were able to expose a security backdoor on FACEIT League Premier where if you join their league, somehow they are able to intercept trade requests.

Phishing works because victims don't realize it's happening. At some point you logged into a fake website without thinking twice about it, which allowed them to sit on your account and wait for you to make a trade so they can redirect it.

Originally posted by xExertion:

I don't know if you passed elementary school reading, but your comments clearly show you didn't understand what my post mentioned and how they were able to backdoor my inventory.

The phishing could've happened anytime before you tried to make that trade to your alt.

Accounts are PHISHED.

You gave the hijacker all your account details.

The account name, the password and the KEY to the door, the Steam Guard Mobile code, or scanning the QR code or authorising via fingerprint giving them access to the account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link, signing in through a fake login window etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.

Originally posted by xExertion:

I don't know if you passed elementary school reading, but your comments clearly show you didn't understand what my post mentioned and how they were able to backdoor my inventory.

Notice how people still helping you despite your attitude? That's called maturity.

Hotsauce never unsubs, they read everything you post about them and choose to not engage.

You would know someone has passed their elementary school reading easily from this.

It is 100% that someone else is on your account, can't happen otherwise.

Follow all these instructions, otherwise you can't be sure that no one is still on your account:

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

There are only 3 ways for others to get into your account:

1. You either got infected and had malware steal your active session, which means steam thinks it is your own doing. (Or you logged in on another infected machine)

2. You entered your login + Steam Guard code somewhere you were not supposed to. (Scanning the QR code to login does the same)

3. Someone else has/had physical access to your devices. (Or you forgot to logout after being in an internet café etc.)

You can't deny all 3 of these, its impossible to get into your account otherwise.

Stolen wallet or items that way will not be refunded, as it is the users responsibility to make sure their accounts are safe.

Your account has been hijacked, likely cause is you gave a phishing site you login details. That allowed them to access your account. Then when you sent a trade to your ALTs account the hijackers BOT cancelled it. It then modified their account to look like your ALTs and resent the trade all with a few seconds so you didn't notice a delay. You then ignored the warning about the target NOT being a friend and confirmed the trade.

Your skins are gone. Report the account that received them, block, move on and stop

Logging in on dodgy sites
Believing stupid messages on your profile
Confirming trades Without paying attention to the warnings and checking them.

If you need help with Account Security or Recovery, please contact Steam Support.