Originally posted by pbnj06p:

Anyone got any tips or help

Re-secure your account.

1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Thanks man I have already done most of these steps already but it still bugs me how they could have taken my token and did so much in such short time and the fact that there is no verification on community products and no way to return or refund these items kinda feels like it's designed for hackers to abuse it 😔. And as someone who has only been using steam for about a year I'm kinda disappointed at least I'm never keeping any balance on my account without immediately spending it and with what will happen with the rest I will have to pray that someone will buy them to get at least a bit of the money back 😭
Keep in mind steam guard is on on my phone and did nothing nada 🥹

These are some of the ways you could have given away your login credentials.

*Have you been asked to vote for a team/tournament/pixel art?
*Have you been asked to register for a tournament?
*Have you used any third-party site for gambling or trading? (doesn't have to have been recent, they can keep your info for years, waiting till you build up your inventory)
*Have you logged in on a public device?
*Have you entered any giveaways/giveaway groups?
*Have you tried to claim any "free 50$ gift cards"?
*Have you been invited to a playtest via a link in chat?
*Have you talked to an "admin" after being "accidentally reported"?
*Does someone else use your PC or your account?

Let me guess you play CS2 and went to a trusted site by one of your "friends" said they used all the time? Don't believe everything people tell you on the internet. I could say im god too.

Well actually I have done none of those pretty sure it was a browser issue as this is a fairly new steam acc and this computer is fairly new as well I have no friends on it never joined anything related to giveaways or links or games and I'm not dumb enought to fall for free 50$ card I only ever buy physical cards from trusted stores

This hacker was different he bypassed the steam guard and instead of doing anything like changing my password or email to get a hold of the account all they did was like yeah steal the money by buying up I presume all his items and by that way he broke the system because the only thing I can do is just be flabbergasted since there is no way to ever get the balance back

Accounts are PHISHED not hacked because the end user gave away all their account details.

The account name, the password and the KEY to the door, the Steam Guard Mobile code, or scanning the QR code or authorising via fingerprint giving them access to the account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.

sucks to be u