And do you have a question? Or was that just a demonstration on "Hey! I post my login-details on the internet! Come all and see!"

I was playing games,I didn't post any login details.

Yeah ... this time, it was a legit hacker! This time it's different ...

Never happened before.

OP- you play the 4 games most targeted for scams because they have marketable item and skins drops, and a ton of off-Steam skins/item "trading" or "cash out" scam/phishing websites. You used any of them, even a year or 2 ago- you gave up your login info and gave a scammer access to your account, allowing them to hijack/shadow control you Steam account. And they will wait for a long time until you have the right items or skins in your inventory, long enough for them to see you aren't paying attention to the fact that they assigned you an API key (that no regular Steam user needs) that gives them full access to your account.

TL;DR- you don;t have to post your login details in a public, place- just login using a spoofed Steam login widget on one scam/phishing site one time, and you gave them all they needed to hijack (not "hack") your account. Even if you only logged in on one to check it out and never actually used it to trade or sell skins or items- you gave them all they needed. And no one ever wants to admit they did something like this because they thought they could get rich quick on Steam.

Is there a mod or admin that can help with this ?.

No. That is not neccesary. It's up to you to look after your account. It's your ... responsibility.

Originally posted by Hat:

Someone has changed the contact email to my account, added an authentication app, bought and sold stuff out of my steam inventory while I'm logged in.

I looked at help options this looks like the only one, help.

Do the following:
Steps to take NOW:
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Accounts are phished not hacked.

You gave away all your account details.

The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to the account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.

You must be logged out of all accounts to start the account recovery process.

You don't need access to the email, phone or password currently tied to the hijacked/hacked account for this to work. Just pick the "I do not have access..." or a similar option when asked.

And to help you sign-in: https://help.steampowered.com/en/wizard/HelpWithLogin

A step by step guide to the recovery process:
https://steamcommunity.com/sharedfiles/filedetails/?id=1126288560