所有討論 > Steam 討論區 > Help and Tips > 主題細節
Pxtl 2015 年 7 月 25 日 下午 8:49
Steam account hacked, and I can't even figure out how
I use steam guard on Steam and 2-factor auth on Gmail, my desktop wasn't even turned on at the time. I get home at 8pm and find that at 3pm somebody reset my password and logged in and took my entire steam inventory. Gmail's crude account activity info says *nobody accessed my gmail account* around then, and even if they did they'd need my phone to do it because 2 factor auth.

How is this even possible? I'm worried because of my paypal and my bank statements, but I'm also worried about getting my TF2 stuff back.
< >
目前顯示第 1-15 則留言,共 18
Casey 2015 年 7 月 25 日 下午 9:04 
You should really visit this page; it's where you're gonna have to start:
https://support.steampowered.com/kb_article.php?ref=2347-qdfn-4366
As for reclaiming all your TF2 items if they are lost; there is no way to get them back unless Steam really cares enough. Sorry.

Stay positive! :happyBUD:
#1
Pxtl 2015 年 7 月 25 日 下午 9:19 
Thanks, Casey.

Yeah, that's where I started. I feel like I'm going nuts. Went through that process, reset password, sent in credentials, etc... and now my steam account *isn't* empty, incl. TF2 inventory, which is great and all but I'm still freaking out that somebody read my gmail. I mean, they'd have to to get through Steam Guard, right?

But my gmail account is 2-factor auth secured. My computer is virus-clean and was in sleep-mode at the time. My cellphone was with me in the middle of a park well away from any data-connection. The only possible device that could have leaked my gmail inbox is a custom-ROM Nexus 7 tablet sitting in a laundry hamper, and even then Google says nothing downloaded my email in mid-afternoon today.

So I'm freaking out a bit.
#2
Casey 2015 年 7 月 25 日 下午 9:28 
If somebody lives with you, they'd be the main suspect, right?

Sorry about your account, hope it works out.
最後修改者:Casey; 2015 年 8 月 7 日 上午 12:24
#3
Muppet among Puppets 2015 年 7 月 25 日 下午 9:32 
When did the trade emails arrive at google?
#4
Pxtl 2015 年 7 月 25 日 下午 9:48 
... no trade emails. Just a "Steam Guard" notification and my inventory was empty. Now I'm starting to wonder if inventory-empty wasn't just a web-browser hiccup, since Steam Support never said that they were restoring my crap and it came back awful fast. I'm still looking at a password-reset and steam-guard login from the other side of the world.
#5
Pxtl 2015 年 7 月 25 日 下午 9:51 
... yes, inventory history is prettymuch empty. So my account was hacked and they... did nothing? Logged into my account (Steam said that the user *made it through steam guard*) and they didn't do anything?
#6
Muppet among Puppets 2015 年 7 月 25 日 下午 11:01 
引用自 Pxtl
Steam said that the user *made it through steam guard
Did steam answer to your support ticket with a green headline on their page?
#7
Muppet among Puppets 2015 年 7 月 25 日 下午 11:16 
Only could be exploited like this with disabled steam guard
#8
Pxtl 2015 年 7 月 25 日 下午 11:28 
If an empty key was ignored for password reset, I'd wager it could be ignored for Steam Guard as well. I can't even freaking confirm that the hacker made it past Steam Guard or not because the Steam client doesn't let me review the previous error messages. I was so frantic (obviously I missed that my inventory wasn't empty) that I probably misread the message.

Seriously, could they not have sent out a ♥♥♥♥♥♥♥♥♥ email about this?
#9
Muppet among Puppets 2015 年 7 月 25 日 下午 11:29 
If steam guard was enabled, you would have gotten a steam guard email when someone used a password.....
#10
Muppet among Puppets 2015 年 7 月 25 日 下午 11:42 
引用自 fauxtronic
Nope. I suggest reading the links I posted. There was a specific exploit last night and SteamGuard offered no protection.
Where does it say steam guard didnt protect?
#11
Muppet among Puppets 2015 年 7 月 25 日 下午 11:46 
Why didnt steam guard protect?
I thought they could "only" change passwords with that.
#12
Pxtl 2015 年 7 月 25 日 下午 11:47 
I logged into Steam and it gave me a scary message that a user accessed my account, and my inventory was empty... but now in hindsight it looks like the "empty inventory" was just a slow-loading website or something because the inventory is back and I still haven't heard back from anybody at Valve so I assume they didn't restore it, it was never gone.

And the Steam Guard error message wasn't clear on whether or not the user made it past Steam Guard. It gave the usual warnings that a user accessed my account unexpectedly and all that, and I should reset my password and check my machine for viruses and all that, but in hindsight I don't think it clarified whether they made it through Steam Guard or not. I don't actually *know* if they made it or not!

I can't find any place in the Steam UI to re-read that message... Steam doesn't seem to let me re-examine security notifications.

So basically I've learned two things from this:

1) I'm a panicky idiot who should read more carefully before closing a tab, and

2) Steam sucks at giving me information about my account.
#13
Muppet among Puppets 2015 年 7 月 25 日 下午 11:48 
The staem guard email says, was it you and it gives you a code.
If it wasnt you, the rest is valid.
If it was you, use the code.

Thats what the email should tell
#14
Muppet among Puppets 2015 年 7 月 25 日 下午 11:49 
引用自 fauxtronic
引用自 Muppet among Puppets
Why didnt steam guard protect?
I thought they could "only" change passwords with that.

Why? Because Valve screwed up with one of the recent updates. All you needed was a username to force a password reset.
Yes, and with a password you log in and then? Steam guard.
#15
< >
目前顯示第 1-15 則留言,共 18
每頁顯示: 1530 50

所有討論 > Steam 討論區 > Help and Tips > 主題細節
張貼日期: 2015 年 7 月 25 日 下午 8:49
回覆: 18
開始新的討論串

討論區規矩與守則