Steam Account Hacked without Notification?
My account was hacked, and all of my valuable CS2 items were traded away. I don't know how this happened because I had 2FA/Steam Guard active. When I checked, Steam showed an active device in Russia (I live in WA, USA), so I deauthorized all devices. The thing that is deeply confusing me is that I never received any notifications about logins, whether through text, app notification, or email (it said it had been authorized on March 15th, so it was easy to double check). I also haven't signed into anything, nor interacted with suspicious links; I genuinely have only used Netflix, Discord, and Steam for about a month. My password was rather weak, but it still should have notified me via phone or email. Any idea how this could have happened?
Showing 1-15 of 18 comments
You either downloaded some malicious file or signed into some scam links; it has to be one of those.
Pringus Mar 21 @ 6:14pm 
I neither signed into anything nor downloaded anything. Regardless, it should have triggered authentication?
Maybe you can contact Steam support and they can bring your account back to how it was. On top of Steam, click Help, then click Steam Support.
Originally posted by Pingus:
I neither signed into anything nor downloaded anything. Regardless, it should have triggered authentication?
No, they take the session ID and something called steam log in secure, so they basically duplicate your already-signed-in info. How should Steam know it wasn't you, when you simply gave everything away somehow?
Originally posted by Pingus:
I neither signed into anything nor downloaded anything. Regardless, it should have triggered authentication?

Oh, noes! This merry-go-round again?
Last edited by Silicon Vampire; Mar 21 @ 6:18pm
Pringus Mar 21 @ 6:36pm 
I simply don't know how this would've happened without it triggering an authentication warning through my phone or email, neither of which are compromised. I use an installation of librewolf which wipes my information after I close any instances, so it's not like it pretended to be the active instance, because there simply wasn't one for it to pretend to be.
Pringus Mar 21 @ 6:41pm 
Update. A friend invited me to a Steam Playtest. It was not them and was instead a phisher. RIP.
HIVEmind Mar 21 @ 7:04pm 
2FA bypassed? just wondering
Pringus Mar 21 @ 7:06pm 
Originally posted by HIVEmind:
2FA bypassed? just wondering
Yes. I got a Steam Playtest link and logged in on the pop-up. It looked totally legit, not even a dirty link. Never received an email or text about it, which in hindsight should have set off red flags, but I had a head cold.
HIVEmind Mar 21 @ 8:09pm 
I was trying to say "steam guard".
Pringus Mar 21 @ 8:15pm 
Originally posted by HIVEmind:
I was trying to say "steam guard".
Yes I had Steam Guard active.
Have you shared your API Key with third-party sites? Some malicious sites can take advantage of this.
Pringus Mar 22 @ 12:42am 
Originally posted by just K:
Have you shared your API Key with third-party sites? Some malicious sites can take advantage of this.

Wasn't even aware it was a thing, so, probably not. Steam doesn't say I have one registered at all either when I check.
Originally posted by Pingus:
I use an installation of librewolf which wipes my information after I close any instances, so it's not like it pretended to be the active instance, because there simply wasn't one for it to pretend to be.
A useless security fuss in this case. If you delete a cookie that the hijacker already has a copy of, then you can’t continue that session, but the hijacker can. And to make scams easy, Steam does not care if you instantly teleport to the other side of the world during a session or even log in from two different sides of the world simultaneously. How the trades are validated without your phone confirmation or how your phone number suddenly gets replaced without confirmation, no one here knows; my guess is the obvious one: huge security flaw on Steam’s side that Steam is not financially interested in fixing, especially since you can’t prove you never compromised your credentials yourself. Have you seen this thread?
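The server-side check the post above describes as absent, sketched as an added example that is not part of the original thread and is not Steam's code: it flags a session token reused from locations that imply impossible travel. The event format, the 1000 km/h threshold, the token names and the sample records (coordinates and dates) are all constructed assumptions.

```python
import math
from datetime import datetime

MAX_KMH = 1000.0  # assumed threshold: faster than a commercial flight

# Constructed sample events: (ISO time, session token id, latitude, longitude).
EVENTS = [
    ("2025-03-15T18:00:00", "sess-A", 47.61, -122.33),  # Seattle, WA
    ("2025-03-15T18:20:00", "sess-A", 55.75, 37.62),    # Moscow
    ("2025-03-15T18:25:00", "sess-A", 47.61, -122.33),  # Seattle again
    ("2025-03-15T09:00:00", "sess-B", 47.61, -122.33),  # Seattle, WA
    ("2025-03-15T21:00:00", "sess-B", 45.52, -122.68),  # Portland, OR
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(events, max_kmh=MAX_KMH):
    """Return (session, t_prev, t_cur, km) for consecutive uses of one
    session token whose implied speed exceeds max_kmh."""
    by_session = {}
    for ts, sid, lat, lon in events:
        by_session.setdefault(sid, []).append(
            (datetime.fromisoformat(ts), lat, lon))
    alerts = []
    for sid, uses in by_session.items():
        uses.sort()  # order each token's uses by time
        for (t0, la0, lo0), (t1, la1, lo1) in zip(uses, uses[1:]):
            km = haversine_km(la0, lo0, la1, lo1)
            # Floor the interval at one second so simultaneous use still alerts.
            hours = max((t1 - t0).total_seconds() / 3600, 1 / 3600)
            if km / hours > max_kmh:
                alerts.append((sid, t0.isoformat(), t1.isoformat(), round(km)))
    return alerts

if __name__ == "__main__":
    # A service would revoke the token and require a fresh, 2FA-backed login.
    for alert in impossible_travel(EVENTS):
        print("revoke session and force re-login:", alert)
```

Because the check keys on the session token rather than on the login event, it fires even when the copied cookie never triggers a new sign-in or a Steam Guard prompt.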
Pringus Mar 22 @ 2:09am 
Originally posted by 76561199020784014:
Originally posted by Pingus:
I use an installation of librewolf which wipes my information after I close any instances, so it's not like it pretended to be the active instance, because there simply wasn't one for it to pretend to be.
A useless security fuss in this case. If you delete a cookie that the hijacker already has a copy of, then you can’t continue that session, but the hijacker can. And to make scams easy, Steam does not care if you instantly teleport to the other side of the world during a session or even log in from two different sides of the world simultaneously. How the trades are validated without your phone confirmation or how your phone number suddenly gets replaced without confirmation, no one here knows; my guess is the obvious one: huge security flaw on Steam’s side that Steam is not financially interested in fixing, especially since you can’t prove you never compromised your credentials yourself. Have you seen this thread?

I don't think it's kosher of me to cuss as much as this made me want to. That's genuinely infuriating and ridiculous. Valve continues to lose my trust. If there had been any way to cache these items frankly I would've, they held more value to me sentimentally than in $$.

Still blows my mind they make such a fuss about Steam Guard and then it's not only worse than useless, it's actively bloating and slowing my response time because I had to finagle it back onto my phone (it kept giving me a "please try again later" message) in order to re-certify my desktop browser and program. Simply insane.

Date Posted: Mar 21 @ 6:09pm
Posts: 18