My steam and discord got hacked
I saw today that i had bought dota 2 items at the middle of the night, this wasn't me obviously as i don't have dota and i've never played it.

I did all the things you should do when something like this happens, i checked my pc for malware, reset my password, deleted my API key and all that.

Later that day when i was playing with my friends, one of them asked me "Bro, why did you just send me a steam giftcard scam link". I checked and saw that my account was being used like a fleshlight to send "____@ Steam gift 50$" scam links to all my discord friends.

I reset my password, took my pc offline, reset my emails' password (which i was using for both steam and discord). I've run multiple scans of my system with none of them finding anything. I'm going to backup some stuff like images and videos on a usb stick, but after that i'm clearing my whole ssd just in case.

I didn't see anyone online who had both their steam and discord be the target of something like this, especially only hours apart, so i wanted to post this in case anyone else has had a similar attack happen to them.
Showing 1-15 of 36 comments
Mojitsu Sep 19, 2024 @ 2:11pm 
Hey I just had the same thing happen to me, no fkin clue how they got me. Sent you a friend req maybe we can find out together
Carlos100 Sep 19, 2024 @ 2:16pm 
Your account is compromised

Do all this in the order it's written to make sure your account is secure

1. Scan for malware. https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage
4. Change passwords from a clean computer.
5. Generate new backup codes for your Mobile App. https://store.steampowered.com/twofactor/manage
6. Revoke the API key (there should be no key). https://steamcommunity.com/dev/apikey
Prowler™ Sep 20, 2024 @ 2:41am 
Yes you have been session hijacked. It's a browser based bot attack against steam and discord. It's been around for a few weeks now.

You have to DE AUTHORIZE all devices to kick it out of your account. Then update your security settings and scan for malware. If it's on your PC malwarebytes will find it. Also Clear ALL browser data as the bot copies ALL of it.

Be aware the bot will steal all your steam inventory and wallet via sub $1 trades if you do not de authorize all devices. Because it acts under $1 steam security will not alert you. You won't get any warning. It cannot steal your passwords as that would trigger a security check. It simply copy/pastes your current session login ID and empties your wallet without alerting you.

Contact steam support and ask them to investigate any suspicious market activity on your account. They are able to see if the bot attacked you and will give you some copy/paste security advice.

They will NOT refund you any lost items or wallet funds. Even if they can see the bot stealing them. You CANNOT add verification for sub $1 trades. This is Valve's policy. This bot exploits that vulnerability. There is nothing in place to stop it so I'm sure it will keep attacking steam and discord accounts.
Alfa zenius 😎 Sep 20, 2024 @ 10:48am 
I just got this as well. Exactly as mentioned all items are sold for under 1 dollar. As well my discord got hacked and sent out 50 usd free gift card scam links to everyone of my friends. Now what really shocked me - i have a second account that i haven't logged in to for over a month, and 10 minutes after i realized i was hacked and was doing everything mentioned above - i saw that my second account has launched PUBG, queued for 1 game and left and then i deauthorized my second account from everywhere as well. Now what shocks me is HOW THE ♥♥♥♥ DID THEY DO IT. Nobody has my account logins, both of the accounts are protected by steam guard (how did they even manage to bypass steam guard to login to my second account). Windows defender saw nothing, malware bytes quick scan saw 2 files and none of them were related in any way. I checked my chrome and other software activity/history/login locations and found no other software that was affected so far. Running a custom full premium scan on malwarebytes now, 1 hour in, 651k files scanned, 78 malicious files found. First time i ever get hit by a virus because i'm not a stupid person in topics like these but yesterday i was stupid, after smoking a joint i decided to download a few torrents and i'm certain this was the cause. Although still a mystery about how they logged to my second account. Could they replicate my ip to log in from another device without authorisation? What makes it even more crazy is that my api wasn't changed at all.
Yujah Sep 20, 2024 @ 11:21am 
What Prowler just above you said is that local malware (browser based, it seems they say, but possibly "normal") on your system stole from you a complete local browser and/or Steam client state in which you were apparently logged in on both accounts. After replicating said state into the attacker's own browser/client, it appeared to Steam to be that already logged-in browser/client.

Be sure to do all that Carlos100 in #2 said.
Last edited by Yujah; Sep 20, 2024 @ 11:55am
Carlos100 Sep 20, 2024 @ 11:53am 
Originally posted by Alfa zenius 😎:
I just got this as well. Exactly as mentioned all items are sold for under 1 dollar. As well my discord got hacked and sent out 50 usd free gift card scam links to everyone of my friends. Now what really shocked me - i have a second account that i haven't logged in to for over a month, and 10 minutes after i realized i was hacked and was doing everything mentioned above - i saw that my second account has launched PUBG, queued for 1 game and left and then i deauthorized my second account from everywhere as well. Now what shocks me is HOW THE ♥♥♥♥ DID THEY DO IT. Nobody has my account logins, both of the accounts are protected by steam guard (how did they even manage to bypass steam guard to login to my second account). Windows defender saw nothing, malware bytes quick scan saw 2 files and none of them were related in any way. I checked my chrome and other software activity/history/login locations and found no other software that was affected so far. Running a custom full premium scan on malwarebytes now, 1 hour in, 651k files scanned, 78 malicious files found. First time i ever get hit by a virus because i'm not a stupid person in topics like these but yesterday i was stupid, after smoking a joint i decided to download a few torrents and i'm certain this was the cause. Although still a mystery about how they logged to my second account. Could they replicate my ip to log in from another device without authorisation? What makes it even more crazy is that my api wasn't changed at all.
You have been compromised for a long while and they wait it out then 1 day it all goes down.
You must learn how to not click random links and go to bad sites ............without knowing how to keep yourself safe on them sites
coldzebra Oct 22, 2024 @ 9:39pm 
Same thing actually just happened to me. I woke up to over 400 “You’ve just given a community award to a screenshot” emails this morning after having my discord hacked this weekend with the “steam giftcard messages sent to friend DMs” hack
Maria Oct 22, 2024 @ 9:44pm 
Originally posted by coldzebra:
Same thing actually just happened to me. I woke up to over 400 “You’ve just given a community award to a screenshot” emails this morning after having my discord hacked this weekend with the “steam giftcard messages sent to friend DMs” hack
Change your steam's account password, you will get your points back.

Yea, discord scam is really nasty, they get to all ur accounts kek.
Yujah Oct 22, 2024 @ 10:52pm 
Originally posted by Maria:
Change your steam's account password, you will get your points back.
Note, not if you "change" but only if you "reset" it. Difference as per e.g. https://www.howtogeek.com/869288/how-to-reset-or-change-your-steam-password/
jahfield Oct 23, 2024 @ 6:21pm 
Just happened to me, must've been something on the PC. My discord and steam both got hacked at the same time. Even with 2FA. Resetting my PC and changing passwords on everything. Similarly I didn't get any malware coming up on scan. They also got me a game ban on rust, which I'll have to appeal. Luckily not a VAC
Onyeka Okongwu Oct 29, 2024 @ 9:03am 
Same thing happened to me, can they access our email?
alphara Nov 13, 2024 @ 2:40pm 
my discord and steam got hacked, all items were sold and around 40 EUR of steam credit is gone. All the money was used to buy 3 cent dota2 items for 2-15 EUR each from 2 users.

1. Why didn't I get any emails about market activity? I always get an email even when I have bought/sold a 3 cent item. This time there was nothing.
2. How did they access my discord and steam account when I haven't logged in anywhere with these 2 accounts nor have I clicked any suspicious links?
RPG Gamer Man Nov 13, 2024 @ 2:44pm 
Originally posted by Maria:
Originally posted by coldzebra:
Same thing actually just happened to me. I woke up to over 400 “You’ve just given a community award to a screenshot” emails this morning after having my discord hacked this weekend with the “steam giftcard messages sent to friend DMs” hack
Change your steam's account password, you will get your points back.

Yea, discord scam is really nasty, they get to all ur accounts kek.

This is why i do not use discord.
RPG Gamer Man Nov 13, 2024 @ 2:45pm 
Originally posted by Onyeka Okongwu:
Same thing happened to me, can they access our email?

Yes they can. That is why you change your password on your email and other things. That is why you do this:

1. Scan for malware. https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage
4. Change passwords from a clean computer.
5. Generate new backup codes for your Mobile App. https://store.steampowered.com/twofactor/manage
6. Revoke the API key (there should be no key). https://steamcommunity.com/dev/apikey
RPG Gamer Man Nov 13, 2024 @ 2:50pm 
Originally posted by Prowler™:
Yes you have been session hijacked. It's a browser based bot attack against steam and discord. It's been around for a few weeks now.

You have to DE AUTHORIZE all devices to kick it out of your account. Then update your security settings and scan for malware. If it's on your PC malwarebytes will find it. Also Clear ALL browser data as the bot copies ALL of it.

Be aware the bot will steal all your steam inventory and wallet via sub $1 trades if you do not de authorize all devices. Because it acts under $1 steam security will not alert you. You won't get any warning. It cannot steal your passwords as that would trigger a security check. It simply copy/pastes your current session login ID and empties your wallet without alerting you.

Contact steam support and ask them to investigate any suspicious market activity on your account. They are able to see if the bot attacked you and will give you some copy/paste security advice.

They will NOT refund you any lost items or wallet funds. Even if they can see the bot stealing them. You CANNOT add verification for sub $1 trades. This is Valve's policy. This bot exploits that vulnerability. There is nothing in place to stop it so I'm sure it will keep attacking steam and discord accounts.

Can you explain exactly what happens in a session hijack? I would like to know more information about this.
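
A simplified model of the session hijack that Prowler™ and Yujah describe, added here as an illustration; it is not part of any post in this thread and is not Steam's or Discord's code. `ToyService`, its method names and all account values are constructed, and the rule that a password change leaves existing sessions alive is an assumption of the model.

```python
import secrets

class ToyService:
    """Simplified session model: password and 2FA are checked once, at login."""

    def __init__(self):
        self.accounts = {}  # user -> [password, one-time code]; constructed values
        self.sessions = {}  # session token -> user

    def register(self, user, password, code):
        self.accounts[user] = [password, code]

    def login(self, user, password, code):
        acct = self.accounts.get(user)
        if acct is None or acct != [password, code]:
            return None  # wrong password or wrong 2FA code: no session issued
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def whoami(self, token):
        # Every later request is authenticated by the token alone.
        return self.sessions.get(token)

    def change_password(self, token, new_password):
        user = self.whoami(token)
        if user is None:
            return False
        self.accounts[user][0] = new_password  # assumption: sessions left untouched
        return True

    def deauthorize_all(self, user):
        # Server-side revocation: forget every token issued to this user.
        stale = [t for t, u in self.sessions.items() if u == user]
        for t in stale:
            del self.sessions[t]
        return len(stale)

def demo():
    svc = ToyService()
    svc.register("victim", "old-password", "123456")
    token = svc.login("victim", "old-password", "123456")
    copied = token  # the logged-in state that local malware copies off the PC
    out = {"guess_without_2fa": svc.login("victim", "old-password", "000000")}
    out["replayed_token"] = svc.whoami(copied)
    svc.change_password(token, "new-password")
    out["after_password_change"] = svc.whoami(copied)
    out["sessions_revoked"] = svc.deauthorize_all("victim")
    out["after_deauthorize"] = svc.whoami(copied)
    out["fresh_login"] = svc.login("victim", "new-password", "123456") is not None
    return out
```

In this model the copied token is accepted without any password or 2FA prompt until `deauthorize_all()` runs, which is the "deauthorize all devices" step in the checklist above.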

Date Posted: Sep 14, 2024 @ 1:46pm
Posts: 36