surfin' Sep 15, 2024 @ 8:44pm
Was I hacked?
About an hour ago, a bunch of trading cards in my Steam inventory were delisted from the market, relisted for a cheaper price, and sold without my knowledge. I'm not really concerned about losing a few measly cents; I just want to know what the hell happened, and if I need to do something about it.

Thanks, y'all.
Showing 1-9 of 9 comments
Dr.Shadowds 🐉 Sep 15, 2024 @ 10:31pm 
Hijacked, yes. Just stop logging in via 3rd-party sites.

- hey vote for my team
- Free whatever
- Try my demo
- you have pending ban
- I accidentally reported you
- we have to trade here

All point to tricking you into logging in via a 3rd-party site. Either they use a fake URL page, or they use a tunnel to create a fake browser tab that you think is legit but is actually just a scam page.

Another is people sending viruses, often via Discord, and so on. And yes, Discord has a problem that allows people to change a hyperlink with a command so it displays a Steam link but takes you to a different site altogether, aka a scam site.
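A defender-side check for the masked-link trick described above, added here as an example (not code from this thread, from Steam or from Discord): it scans markdown-style `[text](url)` links and flags any whose visible text looks like a Steam URL, or names a Steam host, while the real destination is a different site. The trusted-host list is an assumption and the sample messages are constructed.

```javascript
// Added example: flag masked links whose visible text misrepresents the
// real destination. TRUSTED_HOSTS is assumed; SAMPLE_MESSAGES are constructed.
const MARKDOWN_LINK = /\[([^\]]+)\]\((https?:\/\/[^\s)]+)\)/g;

// Brand hosts a lure is likely to impersonate (assumed list, extend as needed).
const TRUSTED_HOSTS = ["steamcommunity.com", "store.steampowered.com", "steampowered.com"];

// Hostname of a URL-looking string, or null when it does not parse as a URL.
function hostOf(text) {
  try {
    return new URL(text.trim()).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// True when host is `site` itself or a subdomain of it (steamcommunity.com.evil.tld is not).
function sameSite(host, site) {
  return host === site || host.endsWith("." + site);
}

// Returns one finding per link whose visible text misrepresents the destination.
function findMaskedLinks(message) {
  const findings = [];
  for (const [, display, href] of message.matchAll(MARKDOWN_LINK)) {
    const hrefHost = hostOf(href);
    if (!hrefHost) continue;
    const displayHost = hostOf(display);
    if (displayHost && !sameSite(hrefHost, displayHost)) {
      // Visible text is itself a URL, but the real destination is another site.
      findings.push({ display, href, reason: "display-url-host-mismatch" });
      continue;
    }
    const named = TRUSTED_HOSTS.find((h) => display.toLowerCase().includes(h));
    if (named && !sameSite(hrefHost, named)) {
      // Visible text name-drops a Steam host but the link leaves that site.
      findings.push({ display, href, reason: "brand-host-mismatch" });
    }
  }
  return findings;
}

// Constructed sample messages; the first two mimic the "vote for my team" style lure.
const SAMPLE_MESSAGES = [
  "vote for my team: [https://steamcommunity.com/id/team](https://example.org/vote)",
  "free stuff at [steamcommunity.com/giveaway](https://example.net/login)",
  "my profile: [https://steamcommunity.com/id/me](https://steamcommunity.com/id/me)",
  "patch notes: [read here](https://example.com/news)",
];
const report = SAMPLE_MESSAGES.map((m) => findMaskedLinks(m).length); // [1, 1, 0, 0]
```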
Dr.Shadowds 🐉 Sep 15, 2024 @ 10:33pm 
Do these ASAP; don't skip any.
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the API key)

If you use the same password for anything else, go change those too.
Last edited by Dr.Shadowds 🐉; Sep 15, 2024 @ 10:33pm
Prowler™ Sep 16, 2024 @ 4:38am 
Sounds like an active session hijack... I've seen a few recently...

It affects Steam and Discord quite badly, as they are huge networks.

You will need to go into the options menu and force logouts for all devices to close the stolen session token. Then you can update your security settings safely. Clearing all your browser data will also end any active session on other sites you visit, just in case.

If it's just a session hijack, the attacker cannot alter your details without triggering security features... but on Steam they can freely empty your wallet so long as they stay under $1... Valve removed authentication for all trades under $1, and Valve also doesn't refund any market actions.

You should inform Steam Support of this issue, as it's a security breach. Just be aware that the company policy is NOT OUR PROBLEM, so you won't get any stuff back. But they do need to know this is a growing issue.
Dr.Shadowds 🐉 Sep 16, 2024 @ 4:45am 
Originally posted by Prowler™:
Sounds like an active session hijack... I've seen a few recently...

It affects Steam and Discord quite badly, as they are huge networks.

You will need to go into the options menu and force logouts for all devices to close the stolen session token. Then you can update your security settings safely. Clearing all your browser data will also end any active session on other sites you visit, just in case.

If it's just a session hijack, the attacker cannot alter your details without triggering security features... but on Steam they can freely empty your wallet so long as they stay under $1... Valve removed authentication for all trades under $1, and Valve also doesn't refund any market actions.

You should inform Steam Support of this issue, as it's a security breach. Just be aware that the company policy is NOT OUR PROBLEM, so you won't get any stuff back. But they do need to know this is a growing issue.
If they manage to collect things from your device, changing your password and revoking devices would be your least concern, since the victim's device is already compromised and it would just repeat again if not resolved, plus they can do more; hence the steps listed above.

So either they went out of their way to download something and ran it, or they logged in via a phishing site; those are the causes of issues, and the latter is the most common.
Ryaurezh Sep 16, 2024 @ 7:44pm 
I just realized this had been going on in my account for a week. I only noticed it because there was some leftover change in my wallet. I don't log in through third-party apps, so I'm still not sure how they got into my account.
Prowler™ Sep 17, 2024 @ 12:54am 
Originally posted by Dr.Shadowds 🐉:
If they manage to collect things from your device, changing your password and revoking devices would be your least concern, since the victim's device is already compromised and it would just repeat again if not resolved, plus they can do more; hence the steps listed above.

So either they went out of their way to download something and ran it, or they logged in via a phishing site; those are the causes of issues, and the latter is the most common.

I have chatted with Steam Support about this issue. It's very real and they are aware of it. These bots can hijack active login sessions, possibly by copying web browser cookies. Clearing out your web browser and revoking active logins should stop it.

So deauthorise all devices, log out and log back in. This will generate a new session ID and kick out the bots. They cannot steal your password this way, as this would trigger a security check. They can empty your entire inventory and wallet without triggering any Steam alerts, as they operate under the $1 authentication limit.

Again, Valve are aware of this threat. They know it targets the market. They know it bypasses the $1 security check, and they know it's bypassing normal Steam account checks.

If you spot this activity, you should open a support ticket and report it to them. Hopefully they can deal with it on their end, because I'm no IT engineer, lol.

As it stands, if this vulnerability is left open, this type of attack is free to empty your inventory and wallet, and you will have zero recourse. Steam's policy is a strict NO REFUNDS for market transactions, no exceptions, even when they have the evidence proving your account was accessed illegitimately. That's just how it is.

Discord is also very vulnerable to this type of session spoofing; the same steps should stop it. Deauthorise all devices, log out, log in. Clear your browser data. Your account should be restored.

This isn't a straightforward "click on phish" scam. If you are actively logged in and this bot copies the active session, you won't even know until it starts clearing out your inventory and wallet.

I know a few people that have encountered it, mostly on Discord, but it also appears to affect the Steam marketplace.
Dr.Shadowds 🐉 Sep 17, 2024 @ 2:18am 
Originally posted by Prowler™:
Originally posted by Dr.Shadowds 🐉:
If they manage to collect things from your device, changing your password and revoking devices would be your least concern, since the victim's device is already compromised and it would just repeat again if not resolved, plus they can do more; hence the steps listed above.

So either they went out of their way to download something and ran it, or they logged in via a phishing site; those are the causes of issues, and the latter is the most common.

I have chatted with Steam Support about this issue. It's very real and they are aware of it. These bots can hijack active login sessions, possibly by copying web browser cookies. Clearing out your web browser and revoking active logins should stop it.

So deauthorise all devices, log out and log back in. This will generate a new session ID and kick out the bots. They cannot steal your password this way, as this would trigger a security check. They can empty your entire inventory and wallet without triggering any Steam alerts, as they operate under the $1 authentication limit.

Again, Valve are aware of this threat. They know it targets the market. They know it bypasses the $1 security check, and they know it's bypassing normal Steam account checks.

If you spot this activity, you should open a support ticket and report it to them. Hopefully they can deal with it on their end, because I'm no IT engineer, lol.

As it stands, if this vulnerability is left open, this type of attack is free to empty your inventory and wallet, and you will have zero recourse. Steam's policy is a strict NO REFUNDS for market transactions, no exceptions, even when they have the evidence proving your account was accessed illegitimately. That's just how it is.

Discord is also very vulnerable to this type of session spoofing; the same steps should stop it. Deauthorise all devices, log out, log in. Clear your browser data. Your account should be restored.

This isn't a straightforward "click on phish" scam. If you are actively logged in and this bot copies the active session, you won't even know until it starts clearing out your inventory and wallet.

I know a few people that have encountered it, mostly on Discord, but it also appears to affect the Steam marketplace.
Just FYI, they can't magically just take something from you WITHOUT you being the MAIN cause of it. If scammers didn't even need the victim to do anything, they wouldn't even need to make phishing sites, make new viruses, etc. Hence the point.

Either
A) You entered login information, or gave approval access, aka phishing. There are people that are just dumb enough to believe whatever stories scammers tell them.

B) A virus you may have downloaded, run or installed; this can come from Discord, emails, phishing sites, browser add-ons, you name it, as it requires the victim to interact with a scam file, site, or server. This can either open a backdoor on the device, do things, or even take access or control of your apps & browsers, or transfer data such as cookies that store your sessions.

C) This is possible if the user is dumb enough to click things on a scam site to approve uploads from the victim's device. Pretty much not far off from B).

Again, this requires the victim to do something:
- Visiting a scam site; these can be those trading/gambling sites, voting for said fake team, etc.
- Using search engines whose results can get altered for traffic by scammers when they pay for ad space, or bot the top search results, etc.
- Downloading ARRrrr stuff, or random stuff from DMs, emails, etc. from the internet.
- Falling for stories that scammers tell them in DMs, emails, etc.
- Using out-of-date or unsecured software to access the internet. Worst case, people disabling their security protections for whatever reason, or choosing to use things that lack any security protections when surfing the web.

2FA is just a tool, not a bodyguard, nor an AI; just a tool to approve creating a session token. This can be taken if the scammer had some way to interact with the victim's device to access their session token, hence why it's not something that can just be taken out of nowhere; it requires the victim to do something for them, and it doesn't have to be much, as simple as an approval, a download, or running something for them. It's as simple as if someone knocks on your door: do you unlock it, or not unlock it, when you look through the peephole?
Last edited by Dr.Shadowds 🐉; Sep 17, 2024 @ 2:38am
surfin' Sep 17, 2024 @ 8:36pm 
Thanks for the help, you guys. I don't recall using any third-party sites or anything to sign in, but I'll be more cautious from now on.
Dr.Shadowds 🐉 Sep 18, 2024 @ 12:42am 
Originally posted by surfin':
Thanks for the help, you guys. I don't recall using any third-party sites or anything to sign in, but I'll be more cautious from now on.
It can be as simple as someone asking you to vote for their team on a site using a fake Steam login, where people wouldn't even think of it.

Also, they can be logged in to your account for months.

You can try looking in your login session history if you want: help page > my account > data related to my account > look for login history, and keep scrolling until you see something off.

Also, I hope you follow the steps above, as that revokes any devices and sessions that have access to the account.

Date Posted: Sep 15, 2024 @ 8:44pm
Posts: 9