Hacked while having SteamGuard and Email 2FA
Greetings. 2 hours ago my account was compromised. My entire friend list started receiving messages from my account including links to external websites that required you to sign in with Steam credentials.

How is this possible? I have Steam Guard and Email verification, however they went straight in without a single notification.

Any clues?
Social engineering. Most likely, you were tricked into giving everything needed to the hijacker. We see people fall for it every day.
But even if by mistake I have given my steam password, I have f*** steamguard and email verification? How do they bypass that.
Originally posted by Jux -(Carefull got hacked):
But even if by mistake I have given my steam password, I have f*** steamguard and email verification? How do they bypass that.
Steam Guard is not some magic shield if you give out the rest of your login.

So where did you use your Steam login besides Steam, which you should never do? Most of the time when you use your login on another site you are also using your Steam Guard, and if it is a scam site, you gave it your Steam Guard token.
Aluvard Jun 4 @ 2:37pm 
Hijacked. Malware or phishing.

Follow steps 1-6 to secure your account:

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
4. Change passwords from a trusted/clean device.
5. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
6. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Regarding items:
https://help.steampowered.com/faqs/view/3B6E-B322-2400-8D24


Originally posted by Jux -(Carefull got hacked):
But even if by mistake I have given my steam password, I have f*** steamguard and email verification? How do they bypass that.
Steam Guard is merely another lock, works as long as you don't give away your keys.
Thank you. I did all of the above. Hope I am safe now. Thank you again.
Originally posted by Jux -(Carefull got hacked):
"hacked"
That didn't happen.
Originally posted by Lotte:
Originally posted by Jux -(Carefull got hacked):
"hacked"
That didn't happen.

To his credit, he seems to have figured it out already. You should read the entire thread before commenting.
Originally posted by Silicon Vampire:
Originally posted by Lotte:
That didn't happen.

To his credit, he seems to have figured it out already. You should read the entire thread before commenting.
I did. Comment stays.
Originally posted by Jux -(Carefull got hacked):
But even if by mistake I have given my steam password, I have f*** steamguard and email verification? How do they bypass that.
Your email may have been compromised as well. I feel like this is a common way people "bypass" 2fa. I'm not saying you do this, but some people don't take the "never reuse passwords" seriously and if their email uses a password they used somewhere else, even if it's the only account currently using it, then it's vulnerable to being compromised. And once that email is compromised any account using it for 2fa purposes is also compromised.

2fa is only as strong as the security of the 2nd authenticator
Email is fine but changed passwords on it as well.
Pretty sure it was a hijacking because I do remember signing in with the Steam account somewhere I should not have.
Ettanin Jun 5 @ 3:09am 
yeah the bot behind the phishing site forwarded your inputs towards the steam server then saved a steam session token, which is permanently valid and therefore bypasses 2fa.

deauthorizing the sessions is the only way to forcibly invalidate these hijacked tokens.
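
The relay described in the comment above only works if the credentials and Steam Guard code are typed into a page that is not on a Steam domain. The following is an added example, not part of the thread and not Valve's code, that checks where a link really leads before signing in; the allowlist is an assumption taken from the Steam URLs quoted in this thread, and the `.example` hosts are constructed placeholders.

```javascript
// Added example: classify a link before signing in. The allowlist is an
// assumption built from the Steam URLs quoted in this thread.
const STEAM_DOMAINS = ["steampowered.com", "steamcommunity.com"];

// Returns { trusted, host, reason } for one link.
function checkSteamLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { trusted: false, host: null, reason: "not a parseable URL" };
  }
  // URL.hostname is the host the browser actually connects to: anything
  // before "@" is userinfo, and non-ASCII names are serialized as punycode.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  if (url.protocol !== "https:") {
    return { trusted: false, host, reason: "not https" };
  }
  if (url.username || url.password) {
    return { trusted: false, host, reason: "text before @ hides the real host" };
  }
  // Trusted only if the host is a Steam domain or a subdomain of one.
  const onSteam = STEAM_DOMAINS.some((d) => host === d || host.endsWith("." + d));
  if (!onSteam) {
    const borrowsName = STEAM_DOMAINS.some((d) => host.includes(d.split(".")[0]));
    const reason = borrowsName ? "Steam name inside a different domain" : "not a Steam domain";
    return { trusted: false, host, reason };
  }
  return { trusted: true, host, reason: "host is on a Steam domain" };
}

// Constructed sample links covering the usual ways a login link misleads.
const samples = [
  "https://steamcommunity.com/dev/apikey",
  "https://store.steampowered.com/twofactor/manage",
  "https://steamcommunity.com.login-check.example/openid",
  "https://steamcommunity.com@login-check.example/openid",
  "https://steamcommunlty.example/login",
  "http://steamcommunity.com/login",
];
for (const s of samples) {
  const r = checkSteamLink(s);
  console.log(`${r.trusted ? "OK  " : "STOP"} ${r.host} (${r.reason})`);
}
```

A passing check only says the host is a Steam domain; sessions already captured through a relay still have to be deauthorized as described above.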
I did remove and deauthorize all sessions. However, in devices there is a cellphone I don't recognize. It's not authorized, and can only log in by using the new safe password. So I assume I am OK now.

Thanks a lot for all the help