Secure your account as a matter of urgency:-

1. Scan for malware. https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage
4. Change passwords from a clean computer.
5. Generate new backup codes for your Mobile App. https://store.steampowered.com/twofactor/manage
6. Revoke the API key (there should be no key). https://steamcommunity.com/dev/apikey

Steam does not return inventory items or wallet funds: https://help.steampowered.com/faqs/view/3B6E-B322-2400-8D24

and stop giving away your credentials to phishing sites.

Thanks for you message.

I've already done everything you mentionned.

Steam does not return inventory items or wallet funds, even if someone hijacked my account??? This is steam issue, not mine. And I had every single security protection (even mobile confirmation) and the scammers still can do it?



I was never connected to a phishing websites, never clicked on a weird website or something.

So I just lost everything and I can't do anything against it?

Publicado originalmente por oui:

Thanks for you message.

I've already done everything you mentionned.

Steam does not return inventory items or wallet funds, even if someone hijacked my account??? This is steam issue, not mine. And I had every single security protection (even mobile confirmation) and the scammers still can do it?



I was never connected to a phishing websites, never clicked on a weird website or something.

So I just lost everything and I can't do anything against it?

You are in a group which is a known scam site.

Secondly accounts are PHISHED because the end user gave away all their account details. The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to the account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible :

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.

Note:

1) Only you and Steam Support know your account name until you give it away.

2) Steam passwords are hashed, not stored therefore only you can give it away.

3) They physically need to have your mobile for the code, or you need to enter the code.

happend to me too today..
has an authencator and i hasnt approved for any change today.

hope steam will fix this?

Publicado originalmente por oui:

Thanks for you message.

I've already done everything you mentionned.

Steam does not return inventory items or wallet funds, even if someone hijacked my account??? This is steam issue, not mine. And I had every single security protection (even mobile confirmation) and the scammers still can do it?



I was never connected to a phishing websites, never clicked on a weird website or something.

So I just lost everything and I can't do anything against it?

An account can only be hijacked if the user allows their credentials to be phished - either by giving them away to an illicit 3rd party site or by installing capture-based malware on their PC. It is a technical impossibility for an account to be hijacked out of thin air because scammers require login name, password and then an independent authentication. Somewhere previous, you leaked your credentials and these were captured by scammers in a tailored manner and then they carefully targeted you.

This type of scam is very common sadly and most users are able to pinpoint where they went wrong. If you use any trading sites, have 'voted' for a team or played on an insecure PC, these are just some ways this can happen.

edit: I can already see you are part of the worst phishing site group in history and that is the likely culprit.

Publicado originalmente por oui:

Thanks for you message.

I've already done everything you mentionned.

Steam does not return inventory items or wallet funds, even if someone hijacked my account??? This is steam issue, not mine. And I had every single security protection (even mobile confirmation) and the scammers still can do it?

You got any proof? Or the typical user assumption that while other people may be careless and reckless with their accounts, you would never be so therefore it must be Steam?

At any rate take it up with support.

Publicado originalmente por oui:

I was never connected to a phishing websites, never clicked on a weird website or something.

So I just lost everything and I can't do anything against it?

That you know of. Assuming you never would or incapable of being tricked is a bit of hubris most likely. While you might prefer the idea that Valve was l33t h4x0r'd, the fact remains the user is the weakest part of security so that's what scammers and hijackers typically target. Being unaware of how you could have done it doesn't mean you didn't do it.

Publicado originalmente por J4MESOX4D:

Publicado originalmente por oui:

Thanks for you message.

I've already done everything you mentionned.

Steam does not return inventory items or wallet funds, even if someone hijacked my account??? This is steam issue, not mine. And I had every single security protection (even mobile confirmation) and the scammers still can do it?



I was never connected to a phishing websites, never clicked on a weird website or something.

So I just lost everything and I can't do anything against it?

An account can only be hijacked if the user allows their credentials to be phished - either by giving them away to an illicit 3rd party site or by installing capture-based malware on their PC. It is a technical impossibility for an account to be hijacked out of thin air because scammers require login name, password and then an independent authentication. Somewhere previous, you leaked your credentials and these were captured by scammers in a tailored manner and then they carefully targeted you.

This type of scam is very common sadly and most users are able to pinpoint where they went wrong. If you use any trading sites, have 'voted' for a team or played on an insecure PC, these are just some ways this can happen.

edit: I can already see you are part of the worst phishing site group in history and that is the likely culprit.

What group are you talking about?

Publicado originalmente por oui:

What group are you talking about?

CS.M

Publicado originalmente por nullable:

Publicado originalmente por oui:

Thanks for you message.

I've already done everything you mentionned.

Steam does not return inventory items or wallet funds, even if someone hijacked my account??? This is steam issue, not mine. And I had every single security protection (even mobile confirmation) and the scammers still can do it?

You got any proof? Or the typical user assumption that while other people may be careless and reckless with their accounts, you would never be so therefore it must be Steam?

At any rate take it up with support.

Publicado originalmente por oui:

I was never connected to a phishing websites, never clicked on a weird website or something.

So I just lost everything and I can't do anything against it?

That you know of. Assuming you never would or incapable of being tricked is a bit of hubris most likely. While you might prefer the idea that Valve was l33t h4x0r'd, the fact remains the user is the weakest part of security so that's what scammers and hijackers typically target. Being unaware of how you could have done it doesn't mean you didn't do it.

I mean even if the scammer had my username+password, it would need a Steam Mobile Authenticator confirmation, and a new confirmation for the trade. No?

Publicado originalmente por oui:

Publicado originalmente por J4MESOX4D:

An account can only be hijacked if the user allows their credentials to be phished - either by giving them away to an illicit 3rd party site or by installing capture-based malware on their PC. It is a technical impossibility for an account to be hijacked out of thin air because scammers require login name, password and then an independent authentication. Somewhere previous, you leaked your credentials and these were captured by scammers in a tailored manner and then they carefully targeted you.

This type of scam is very common sadly and most users are able to pinpoint where they went wrong. If you use any trading sites, have 'voted' for a team or played on an insecure PC, these are just some ways this can happen.

edit: I can already see you are part of the worst phishing site group in history and that is the likely culprit.

What group are you talking about?

The Money group - one of the most notorious scam sites probably in existence.

Publicado originalmente por Nx Machina:

Publicado originalmente por oui:

What group are you talking about?

CS.M

Even with a user:pass you will need the token from mobile auth which changes every 30sec, and I physically had my phone with me

Publicado originalmente por oui:

I mean even if the scammer had my username+password, it would need a Steam Mobile Authenticator confirmation, and a new confirmation for the trade. No?

Debate it with support. Trying to convince me has no value. To me you're just another user who likely isn't as secure as they believe and would rather shift the blame. Fortunately my opinions don't actually matter. So take it up with support.

Publicado originalmente por oui:

I mean even if the scammer had my username+password, it would need a Steam Mobile Authenticator confirmation, and a new confirmation for the trade. No?

Publicado originalmente por oui:

Even with a user:pass you will need the token from mobile auth which changes every 30sec, and I physically had my phone with me

You gave them the code, which is the key to the door which gives them full access. They are logged in as you as far as Steam, a program is concerned because all the details are correct.

Publicado originalmente por oui:

Publicado originalmente por Nx Machina:

CS.M

Even with a user:pass you will need the token from mobile auth which changes every 30sec, and I physically had my phone with me

Once they have a phished login session banked, they can session-idle for years. They are still sitting on users who's credentials they phished before the pandemic. Once you get phished then they can idle-sit on your account for as long as it takes and unless you deauthorise other devices yourself, they will have forever access as long as their API is open.

Okay thanks for your answers.

I will try to contact support, I guess I'll just have to get used to the idea that I've simply lost my items. It was a lot of money, and I'm really devastated.