Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Discussions Rules and Guidelines
Report this post
Otherwise follow the steps ASAP, do not wait.
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
Most common reason people get accounts hijack for any service really are as followed.
- Sharing account infomation with others. <--- Very common with impersonators, pretending to be Steam admin / support.
- Logging in on phishing sites. <--- Very common with skin gambling sites.
- Downloading / Installing Virus / Keylogger on your system.
- Using public devices that has keyloggers, such as cyber cafe, school computers, and etc...
- Storing your login credentials on a unsecured service that others has access to view.
- Using same login credentials for all your things, or using same login credentials on another service that had a data leak. Yes it does matter because even if it not related to Steam, if using same login credentials, hijackers will try to use those credentials to see what services you use with those credentials. https://haveibeenpwned.com/
Scammers will make up any story to led you to do things.
- Vote for my team, you won a prize, I gifted you something, and so on to trick you to login via their scam sites.
- I reported you, you're getting banned, or whatever.
- Try my demo, or whatever to download a virus from them on discord.
The list goes on.
API are basically links to sites that you use to link a site to steam. This is usually the easiest way to phish your account and hijack it. That is why it is always good to remove any found there.
For example, if any outside site requires your steam password and username, this is usually what the API links to it. Again, this is very easy for nasty people to hijack your account, so best to remove all that is found there. It is always good to leave it blank if you can.
for more info on API, you can read about it here:
https://steamcommunity.com/dev
It means if you setup an API on your account for web development, account usage via API from web, or commands. Example you can be sending commands to Steam for API while not login to your account to interact with your account to do things such as trading, or uploading content if it an development account. So if you never setup an API key you shouldn't have any to begin with as no one has one by default as should be nothing there, but if you have API key there, and you didn't do it, then you know someone has been on your account, and set it up, or unless you forgot, and were using scam site that try to trick to trade your items, which is a common thing btw as all trade items be redirected to scammer account as long API key remains on the account setup by the scammer.