It's likely either you logged in to a fake page that also asked for your guard code, or your email is also compromised and the intruder got the code that way. Either way you'd have no grounds for legal action since it Valve wasn't the one who failed their security obligations here.

Steam guard isn't bypassed. People get phished or have malware, which translates to account owners giving away their login credentials.

Relevant info:

Originally posted by Crazy Tiger:

Phishing is the most likely cause, OP. When people get phished, they give out the account name, password and then active guard code. A bot quickly enters it and hijackers have access then. Ultimately 2FA is "just another code" that can be given away when getting phished. It's not a magical defense layer.

Have you secured your account? If not:
- Scan for malware. https://www.malwarebytes.com/
- Deauthorize all devices https://store.steampowered.com/twofactor/manage
- Change your password on a secure device.
- Generate new back up codes. https://store.steampowered.com/twofactor/manage
- Revoke the api key https://steamcommunity.com/dev/apikey

Find out how you leaked your credentials. Phishing and malware are the two ways it happens, phishing is the most likely one. Either way, find out how you leaked your credentials.

Items are gone, they do not get returned nor will you get money back for them. The item restoration policy: https://support.steampowered.com/kb_article.php?ref=9958-MJDG-3003

Not all items require confirmation. https://steamcommunity.com/groups/community_market/announcements/detail/1705067494681435160

Originally posted by A Guy With Glasses:

Any one else have their account hacked in a way that has completely bypassed Steam Guard? My account was accessed and a bunch of items in my inventory were put on the market for minimum price before I could reset my accounts credentials and prevent further transactions from taking place.

If this has happened to enough people, there may be a way to have a legal case for compensation.

Steam Guard cannot by 'bypassed'. That's like giving away your front door keys to a thief, getting burgled and then saying your locks were bypassed. Good luck with the insurance claim doing that.

Originally posted by Crazy Tiger:

Steam guard isn't bypassed. People get phished or have malware, which translates to account owners giving away their login credentials.

Relevant info:

Originally posted by Crazy Tiger:

Phishing is the most likely cause, OP. When people get phished, they give out the account name, password and then active guard code. A bot quickly enters it and hijackers have access then. Ultimately 2FA is "just another code" that can be given away when getting phished. It's not a magical defense layer.

Have you secured your account? If not:
- Scan for malware. https://www.malwarebytes.com/
- Deauthorize all devices https://store.steampowered.com/twofactor/manage
- Change your password on a secure device.
- Generate new back up codes. https://store.steampowered.com/twofactor/manage
- Revoke the api key https://steamcommunity.com/dev/apikey

Find out how you leaked your credentials. Phishing and malware are the two ways it happens, phishing is the most likely one. Either way, find out how you leaked your credentials.

Items are gone, they do not get returned nor will you get money back for them. The item restoration policy: https://support.steampowered.com/kb_article.php?ref=9958-MJDG-3003

Not all items require confirmation. https://steamcommunity.com/groups/community_market/announcements/detail/1705067494681435160

I have not given away any information about my account in any way. My authentication and my local steam devices are different. I never shared information about my Steam Guard codes anywhere. I recently reset all credential after they were bypassed.

Originally posted by A Guy With Glasses:

Originally posted by Crazy Tiger:

Steam guard isn't bypassed. People get phished or have malware, which translates to account owners giving away their login credentials.

Relevant info:

I have not given away any information about my account in any way. My authentication and my local steam devices are different. I never shared information about my Steam Guard codes anywhere. I recently reset all credential after they were bypassed.

Either you gave them away or they were captured by tailored malware on your device. This is unarguable so don't be so ignorant. You're probably still shadow-hijacked as we speak right now.

This is the most ignorant statement I have heard. You claim that two separate devices have been compromised at conveniently the same time, and that this possibility is greater than Steam having a faulty system. Steams systems are so foolproof that they eclipse even VPN and Security dedicated services for the number of vulnerabilities they have.

Originally posted by A Guy With Glasses:

This is the most ignorant statement I have heard. You claim that two separate devices have been compromised at conveniently the same time, and that this possibility is greater than Steam having a faulty system. Steams systems are so foolproof that they eclipse even VPN and Security dedicated services for the number of vulnerabilities they have.

You simply don;'t understand. You gave away/allowed your credentials to be phished. These were then login-botted into a real client and your account was shadow-hijacked. The scammers then listed your items with the access they gained cheap - items sold under $1 don't require a confirmation listing and using tailored buy-orders, they were able to transfer your items to the target accounts. Very simple really.

2FA is just an extra security layer - it does not magically protect your account. You should know this by the nature of its concept. Also we see about 50 cases of these each day but literally all users accept the support and secure their accounts going forward. Passing the buck and blaming Steam or hackers will just means this happens again to you. If it does, it'll be somewhat deserved.

Originally posted by Ducks on Fire:

It's likely either you logged in to a fake page that also asked for your guard code, or your email is also compromised and the intruder got the code that way. Either way you'd have no grounds for legal action since it Valve wasn't the one who failed their security obligations here.

I never even entered my steam guard code once. My email is dual protected as well. It's much less likely that all of my accounts have been compromised.

It is hard to believe, we know, but it is the truth. You either got phished unknowingly or you've got malware on your device

Originally posted by J4MESOX4D:

Originally posted by A Guy With Glasses:

This is the most ignorant statement I have heard. You claim that two separate devices have been compromised at conveniently the same time, and that this possibility is greater than Steam having a faulty system. Steams systems are so foolproof that they eclipse even VPN and Security dedicated services for the number of vulnerabilities they have.

You simply don;'t understand. You gave away/allowed your credentials to be phished. These were then login-botted into a real client and your account was shadow-hijacked. The scammers then listed your items with the access they gained cheap - items sold under $1 don't require a confirmation listing and using tailored buy-orders, they were able to transfer your items to the target accounts. Very simple really.

2FA is just an extra security layer - it does not magically protect your account. You should know this by the nature of its concept. Also we see about 50 cases of these each day but literally all users accept the support and secure their accounts going forward. Passing the buck and blaming Steam or hackers will just means this happens again to you. If it does, it'll be somewhat deserved.

It's not like I haven't done all the standard steps of protecting the account and resetting all credentials when it looks to have been compromised. So you're saying even when you do everything you're supposed to and follow all of Steam's rules for protecting your account, it's still your fault? How can people be such shills for corporate run schemes. It's not like Steam doesn't have the ability to compensate digital assets, ones that they can effortlessly produce without cost. At what point does Steam have ANY responsibility or accountability in the matter?

Originally posted by A Guy With Glasses:

Originally posted by J4MESOX4D:

You simply don;'t understand. You gave away/allowed your credentials to be phished. These were then login-botted into a real client and your account was shadow-hijacked. The scammers then listed your items with the access they gained cheap - items sold under $1 don't require a confirmation listing and using tailored buy-orders, they were able to transfer your items to the target accounts. Very simple really.

2FA is just an extra security layer - it does not magically protect your account. You should know this by the nature of its concept. Also we see about 50 cases of these each day but literally all users accept the support and secure their accounts going forward. Passing the buck and blaming Steam or hackers will just means this happens again to you. If it does, it'll be somewhat deserved.

It's not like I haven't done all the standard steps of protecting the account and resetting all credentials when it looks to have been compromised. So you're saying even when you do everything you're supposed to and follow all of Steam's rules for protecting your account, it's still your fault? How can people be such shills for corporate run schemes. It's not like Steam doesn't have the ability to compensate digital assets, ones that they can effortlessly produce without cost. At what point does Steam have ANY responsibility or accountability in the matter?

Protection means nothing if you allow your credentials or device to be compromised. You can have all the locks, secure windows and alarms on your house but you give away the keys and codes then you're screwed.

Because if Steam was Hacked, they'd not go for random users like yourself and I. They'd go for people with massive inventories to steal etc.

Sooner you accept you're the source of the leak of credentials, the sooner you can get it fixed. I posted my password to my account years ago, live streamed it even. Know how many got into my account? Zero..

Only way to bypass 2FA, is if you give the code away.

Originally posted by A Guy With Glasses:

Originally posted by Ducks on Fire:

It's likely either you logged in to a fake page that also asked for your guard code, or your email is also compromised and the intruder got the code that way. Either way you'd have no grounds for legal action since it Valve wasn't the one who failed their security obligations here.

I never even entered my steam guard code once. My email is dual protected as well. It's much less likely that all of my accounts have been compromised.

Well then if you are so certain it couldn't have been on your end then you should go get a lawyer. Whether anyone here believes you or not won't change anything and if you are hoping to scare Valve into returning your items with the mere threat of legal action you are going to be disappointed.

It seem they are a huge wave of pirating these past 2 week, even on the french forum a lot of user claim they have been pirated without doing anything or log somewhere
And majority of it seem to be pirated by russian/chinese, with the same method

For real
What website you guy visited because no one want to answer that

Originally posted by Léon Scarlet:

It seem they are a huge wave of pirating these past 2 week, even on the french forum a lot of user claim they have been pirated without doing anything or log somewhere
And majority of it seem to be pirated by russian/chinese, with the same method

For real
What website you guy visited because no one want to answer that

Link me to the French forums, let me have a look.