Someone bought a dota 2 item on my behalf, without ME knowing it.
As the title suggests, someone bought a cheap item on my behalf for a high price. It happened at 1:15am (midnight where I live) but I only saw the notification 2 hours ago.

I have no idea how that happened but the moment I realized that my money is literally gone, I changed my password, de-authorized the account by logging out from all the devices, got steam back-up codes.

I didn't get a mobile notification about the Steam market transaction, so I don't know who did this or how they just single-handedly spent the money in my wallet without me even knowing it.

Does anybody know if my account is being compromised or someone is in my account or if I am going to lose my account?

All assistance is welcomed.
Showing 1-8 of 8 comments
Accounts on Steam are PHISHED because the end user gave away all their account details, giving them access to their account.

The account name, the password and the KEY to the door, the Steam Guard Mobile code, or scanning the QR code or authorising via fingerprint giving them access to the account.

How? By either logging into a known scam site or sites, tailored malware on your PC, the "vote for my team" scam, the "you have a pending ban" scam on Discord, "free knife, click the link", signing in through a fake login window, the fake Valve employee scam, the "free $50 Steam gift card", etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access to your account.

The weakest link is the end user, not the security offered.
Dude, I already know I made a mistake, but is there anything else that I need to do or can do to prevent that?
You mean apart from the usual 6 steps? As long as you did all of the following, your account is safe again. Until you leak your account data again that is.

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)


Wallet funds or items stolen that way will not be refunded, as it is the user's responsibility to make sure their accounts are safe.
You need to confirm when selling an item over $1 USD, not buying. Also, a word of advice: don't log in via 3rd party sites; there are COUNTLESS scam sites trying to trick you.
- Gamble / trading sites are COMMON among the scams.
- DMs with people giving you stories to trick you.
- Discord allowing people to spoof links to redirect to scam sites.

I've educated people for years and give simple breakdowns. Please understand 2FA is a tool, not a person, not an AI; it's just a tool. Just like your house keys, it doesn't know who's entering if you hand them the keys.

If you've done all the steps that Dan5000 posted above, then you should be good.
I might probably have logged in via 3rd party sites, but it's been a long time since I did that so I don't even remember when I did that. Still, it's my fault for not being cautious about my account's safety.

I did all 6 steps above the comment section so I'm hoping that I'm safe.
Originally posted by slayer:
I might probably have logged in via 3rd party sites, but it's been a long time since I did that so I don't even remember when I did that. Still, it's my fault for not being cautious about my account's safety.

I did all 6 steps above the comment section so I'm hoping that I'm safe.
You're all good if you've done it all.

Yeah, they can remain logged in on your account for a LONG time. How this works is, when you log in via the scammer's site, your login token is given to the scammer's device. Their site is a tunnel to their devices; it's like cloud gaming, or TeamViewer if you've ever used it, where the input you give is sent to them automatically, and once approved, or given the code, they get your token. That's why you should never type out, or scan a QR for, a login via 3rd party sites claiming to be Steam.

Here's an example of a scam site.
https://steamcommunity.com/sharedfiles/filedetails/?id=3430196039

Legit 3rd party sites will only do this, when you're already logged in on Steam.
https://steamcommunity.com/sharedfiles/filedetails/?id=2338543075

Scam sites will always show you as not logged in, despite being logged in on Steam already.
https://steamcommunity.com/sharedfiles/filedetails/?id=2329645315

To see my example, open a browser and log in from the Steam community page and store. Now visit steamdb.info, use the Steam login option, and notice it doesn't show you any textbox to fill, or ask for a QR scan, and only shows a SINGLE button showing you're logged in already. That's how real 3rd party sites work using the Steam API.
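
An added example (not part of any post in this thread): a JavaScript check that a "Sign in through Steam" link really points at Steam before any name, password or code is entered. The host list comes from the links in this thread; the function names and the sample URLs are constructed for illustration.

```javascript
// Hosts that appear in this thread's own Steam links.
const STEAM_HOSTS = new Set(["steamcommunity.com", "store.steampowered.com"]);

// Returns "ok" or a short reason why the link must not be trusted.
function checkSteamLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return "not a valid URL";
  }
  if (url.protocol !== "https:") return "not https";
  // "https://steamcommunity.com@other.host/" shows Steam's name in front,
  // but the part before "@" is only a user name; the real host follows it.
  if (url.username || url.password) return "user info before the host";
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing dot
  // The URL parser turns non-ASCII lookalike letters into "xn--" labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return "lookalike (punycode) characters in host";
  }
  // Exact match only: "steamcommunity.com.login.example" is another domain.
  if (!STEAM_HOSTS.has(host)) return "host is not Steam: " + host;
  return "ok";
}

// Constructed sample links (not taken from the thread).
const SAMPLES = [
  "https://steamcommunity.com/openid/login",
  "https://steamcommunity.com.login.example/openid/login",
  "https://steamcommunity.com@login.example/openid/login",
  "https://steamcommun\u0456ty.com/openid/login", // Cyrillic "і" in place of "i"
  "http://steamcommunity.com/openid/login",
];

// Runs the check over a list of links and keeps each verdict beside its link.
function auditLinks(links) {
  return links.map((link) => ({ link, result: checkSteamLoginUrl(link) }));
}

console.table(auditLinks(SAMPLES));
```

A fake login window drawn inside a page can paint any address it likes, so the check only means something when it is run on the link's real target.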
Originally posted by Dr.Shadowds 🐉:
Originally posted by slayer:
I might probably have logged in via 3rd party sites, but it's been a long time since I did that so I don't even remember when I did that. Still, it's my fault for not being cautious about my account's safety.

I did all 6 steps above the comment section so I'm hoping that I'm safe.
You're all good if you've done it all.

Yeah, they can remain logged in on your account for a LONG time. How this works is, when you log in via the scammer's site, your login token is given to the scammer's device. Their site is a tunnel to their devices; it's like cloud gaming, or TeamViewer if you've ever used it, where the input you give is sent to them automatically, and once approved, or given the code, they get your token. That's why you should never type out, or scan a QR for, a login via 3rd party sites claiming to be Steam.

Here's an example of a scam site.
https://steamcommunity.com/sharedfiles/filedetails/?id=3430196039

Legit 3rd party sites will only do this, when you're already logged in on Steam.
https://steamcommunity.com/sharedfiles/filedetails/?id=2338543075

Scam sites will always show you as not logged in, despite being logged in on Steam already.
https://steamcommunity.com/sharedfiles/filedetails/?id=2329645315

To see my example, open a browser and log in from the Steam community page and store. Now visit steamdb.info, use the Steam login option, and notice it doesn't show you any textbox to fill, or ask for a QR scan, and only shows a SINGLE button showing you're logged in already. That's how real 3rd party sites work using the Steam API.

I have logged into 2 of the legit 3rd party sites EVER, never downloaded anything from the internet and NEVER clicked on any suspicious links... still someone sold my items and bought Dota 2 items..
Originally posted by wa:

I have logged into 2 of the legit 3rd party sites EVER, never downloaded anything from the internet and NEVER clicked on any suspicious links... still someone sold my items and bought Dota 2 items..
I've heard it millions of times: people claiming said trading / gambling sites are legit, but they end up not being so at all. Another is Google search, where scammers make fake copies of those sites and they show up in search results. And lastly there's falling for DM scams where they promise you things, claim they gave you something, or ask you a favor to do something; all of them involve logging into a scam site.

Another method is logging onto devices that aren't yours and could be compromised.

Or deciding to download random things off the internet for various reasons without verifying or checking if they were safe.
Last edited by Dr.Shadowds 🐉; 25 Feb @ 4:29

Date posted: 24 Feb @ 2:08
Posts: 8