scam site.

If you entered credentials, perform the following steps:

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Ensure your email address and/or password aren't contained in any public breaches:
- Email: https://haveibeenpwned.com/
- Password: https://haveibeenpwned.com/Passwords
-- If they are contained in any public breaches ("oh no, pwned!"), change your email account's password from a secure computer before proceeding.
-- If that happens, you may want to secure other accounts than just Steam.
-- Consider using mobile two-factor authentication on your e-mail address if your e-mail provider supports it.
4. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
5. Change passwords from a clean computer
6. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
7. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
8. Change your trade link: Profile > your inventory > trade offer > Who can send me trade offer > scroll down and make a new trade link.
9. If points were stolen within 14 days, reset your Steam password (not change, RESET using Forgot Password) to cancel pending awards.
10. Once you have done all of the above steps, edit your profile to get rid of the fake message planted by the scammer (if it exists).

Originally posted by Ettanin:

scam site.

Yeah, that's what I'm thinking. I clicked the "confirm age" button on the page and it led to a "sign in" window. Meanwhile, clicking "sign in" itself did nothing.

I didn't give any info outside of DOB and I have 2 step sign in one, so I should be safe, but I'm going to run a check just in case. Thanks.

Originally posted by WeirdoGeek:

Originally posted by Ettanin:

scam site.

Yeah, that's what I'm thinking. I clicked the "confirm age" button on the page and it led to a "sign in" window. Meanwhile, clicking "sign in" itself did nothing.

I didn't give any info outside of DOB and I have 2 step sign in one, so I should be safe, but I'm going to run a check just in case. Thanks.

2 Step Sign in can also be bypassed if you entered the authenticator code because the bot on the server will actually log into your account to obtain a persistent session token so it doesn't need the authenticator code anymore.

Originally posted by Ettanin:

Originally posted by WeirdoGeek:

Yeah, that's what I'm thinking. I clicked the "confirm age" button on the page and it led to a "sign in" window. Meanwhile, clicking "sign in" itself did nothing.

I didn't give any info outside of DOB and I have 2 step sign in one, so I should be safe, but I'm going to run a check just in case. Thanks.

2 Step Sign in can also be bypassed if you entered the authenticator code because the bot on the server will actually log into your account to obtain a session token so it doesn't need the authenticator code anymore.

I just did the age check thing where you enter a date. I didn't give my log in. Does that still count as credentials?

This took a bit longer than I expected. I thought it would be common by now.

Just more proof people suck...

Originally posted by Silicon Vampire:

This took a bit longer than I expected. I thought it would be common by now.

Just more proof people suck...

As long as I didn't give the login info, I'm okay?

Originally posted by WeirdoGeek:

Originally posted by Silicon Vampire:

This took a bit longer than I expected. I thought it would be common by now.

Just more proof people suck...

As long as I didn't give the login info, I'm okay?

Shouldn't be an issue, no.

Originally posted by Silicon Vampire:

Originally posted by WeirdoGeek:

As long as I didn't give the login info, I'm okay?

Shouldn't be an issue, no.

Thanks!