your account is compromised
DO NOT TRADE
If you have access to the account

Steps to take NOW:
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)


Please review how you are logging into Steam, you somehow gave them your log in information. This could of been due to the computer being compromised and redirecting to a fake login, or you using a 3rd party site to login to steam.

The same way as everyone else, at some point you leaked your login details including your Steam guard codes.

I don't see how that's possible. I can't leak my steam guard codes.

steam shows a login from London England. How did someone from london england log in to my account 2 hours ago, I would've gotten an email from steam from them trying to log in, which I didn't. my email also shows 0 unusual logins. They bypassed the steam guard.

Originally posted by d3str0y3r:

The same way as everyone else, at some point you leaked your login details including your Steam guard codes.

Originally posted by Wolf Knight:

your account is compromised
DO NOT TRADE
If you have access to the account

Steps to take NOW:
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)


Please review how you are logging into Steam, you somehow gave them your log in information. This could of been due to the computer being compromised and redirecting to a fake login, or you using a 3rd party site to login to steam.

Interesting and thanks for the info, I can't see how any of this would be true though. I don't log into steam from any other 3rd party anythings, and again, even if I did somehow give up my password, there's no way they should've been able to get past the steam guard.

Originally posted by DrPepperProduct:

I don't see how that's possible. I can't leak my steam guard codes.

steam shows a login from London England. How did someone from london england log in to my account 2 hours ago, I would've gotten an email from steam from them trying to log in, which I didn't. my email also shows 0 unusual logins. They bypassed the steam guard.

Originally posted by d3str0y3r:

The same way as everyone else, at some point you leaked your login details including your Steam guard codes.

Did you use email or app auth?

Usually codes get leaked by logging into a phishing page (like the one they send with your account now)

Originally posted by d3str0y3r:

The same way as everyone else, at some point you leaked your login details including your Steam guard codes.

You certainly can leak them.....leaking the account login info is the ONLY way Steam accounts are hijacked.

Originally posted by DrPepperProduct:

Originally posted by Wolf Knight:

your account is compromised
DO NOT TRADE
If you have access to the account

Steps to take NOW:
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)


Please review how you are logging into Steam, you somehow gave them your log in information. This could of been due to the computer being compromised and redirecting to a fake login, or you using a 3rd party site to login to steam.

Interesting and thanks for the info, I can't see how any of this would be true though. I don't log into steam from any other 3rd party anythings, and again, even if I did somehow give up my password, there's no way they should've been able to get past the steam guard.

Instead of trying to second guess correct information...do EVERY step.

Your account is indeed compromised, or it wouldn't be sending out scam links.

I promise you, I didn't click any scam links. And again, even if my STEAM account was compromised, then how did they get past the steam guard and log in from across the world?
I appreciate your advice btw but I'm gonna skip the malware bytes and just reformat my entire computer.

Also, since your account is sending out phishing links....it would be in your best interest to get it under control. If your account gets reported for phishing attempts, it could get community banned.

Originally posted by DrPepperProduct:

I promise you, I didn't click any scam links. And again, even if my STEAM account was compromised, then how did they get past the steam guard and log in from across the world?
I appreciate your advice btw but I'm gonna skip the malware bytes and just reformat my entire computer.

You can promise all you like, you did something. It does not just "happen"

Steam Guard is not a magic shield and it's useless if the codes are given away.

SECURE the account, denial accomplishes nothing.


https://help.steampowered.com/en/faqs/view/6639-EB3C-EC79-FF60

You "appreciate" the advice but deny it's merit....awesome.

The founder / owner of Steam once posted his account name + password and welcomed people to get in, no one managed to do so. You don't "just" compromise a Steam account.

Not to mention that us regulars see these kinda of threads multiple times per week. Steam guard can easily be bypassed, any lock can be bypassed if you give away the key to the castle. 99% of cases this is caused by people trading or "doing stuff" outside Steam using their Steam account while assuming they're logging back into Steam.

If that didn't happen (it almost always did, scammers are good at hiding and this incident could have happened 1 - 1,5 years ago)... but if it didn't it would imply that something else is compromised on your end.

Because people don't "just" take over Steam accounts. The above demo has proven as much, not to mention that - no offense - there are much more lucrative accounts to go after than yours. Accounts which already build up a certain reputation for example, or which have a load of games for re-sell (the account, not the games, and yes: that's illegal but.. alas.).

Originally posted by DrPepperProduct:

I promise you, I didn't click any scam links. And again, even if my STEAM account was compromised, then how did they get past the steam guard and log in from across the world?
I appreciate your advice btw but I'm gonna skip the malware bytes and just reformat my entire computer.

You owned the account from creation? you created it? that question can't be proved fully obviously but honesty would help.

Originally posted by ShelLuser:

The founder / owner of Steam once posted his account name + password and welcomed people to get in, no one managed to do so. You don't "just" compromise a Steam account.

That demonstration made people believe they dont need to worry about logins.

But 2fa protects against things where the code is NOT used when things go wrong. So the code is still needed.
Whenever you login, 2fa codes do nothing to protect you if there is something wrong with the "login"

maybe someone have access to your data through hacking or virus when logging in

>> Check for Viruses and Backdoors
>> Contact Steam Support

Originally posted by Wolf Knight:

your account is compromised
DO NOT TRADE
If you have access to the account

Steps to take NOW:
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)


Please review how you are logging into Steam, you somehow gave them your log in information. This could of been due to the computer being compromised and redirecting to a fake login, or you using a 3rd party site to login to steam.

Check for backdoors, don't think Bytes checks for them. Should be a simple video on YouTube, I saw a short on the matter.