Ursprünglich geschrieben von Neo:

Sometimes cold hard truths are needed to help people avoid it happening again. Unfortunately you took that as a personal insult instead of trying to work out how you got in to this mess in the first place.

Rest assured, I don't feel targeted or concerned in any way.

Ursprünglich geschrieben von J4MESOX4D:

Ursprünglich geschrieben von TentacleMayor:

It could prevent the worst outcomes, if it was rigorous about requiring authentication at every purchase. My bank straight-up won't let me send money, even between accounts on the same bank, without a 2FA authorization on my phone. SG should have the option to require 2FA for any and every purchase. That way anyone who has unathorized access to the account still couldn't do anything with the funds without physical access to the phone unless the user is stupid enough to authorize unsolicited 2FA checks coming out of nowhere, for purchases they never asked for.

I personally think there should be two extra layers that the auth could be extended for:- a) API key change/add b) a wallet purchase over $10 let's say. It does seem a bit daft that selling items over $1 requires a confirmation but an account can purchase up to $2000 worth of an item without triggering a restriction. More layers ultimately would frustrate the community who don't have security problems which is the overwhelming majority though and we've already seen enough shoved down our throats over the years but I do think a couple more wouldn't hurt especially when it comes to market purchases.

Fundamentally, only one thing is essential: be mindful of where you input your information. For everything else, and to ensure peace of mind at night, there is 2FA. Nothing more is required.

OP does not want to be helped

Right back at ya.

Ursprünglich geschrieben von pulzzzz:

agree with the both of you, and I think my situation should thus not have been able to happen. A 475 euro purchase of a 0.06 cents marketplace item should be an obvious red flag. Then again, I'm clearly biased. And there's not much use in quibbling about what ought to be, because I doubt Steam is going to take it into consideration, unfortunately.

how many hoops should the regular person have to jump through, though?

this happens to a relatively small group of people

why should the rest of the people that do not fall for these things get penalized?

if you want to make it an optional thing, i guess why not

but the people giving away their info are still going to be doing it

that is the flaw in all of these systems

people

i am sorry you got scammed, partner, it blows

yes I do

Ursprünglich geschrieben von KalCuey:

how many hoops should the regular person have to jump through, though?

this happens to a relatively small group of people

why should the rest of the people that do not fall for these things get penalized?

if you want to make it an optional thing, i guess why not

but the people giving away their info are still going to be doing it

that is the flaw in all of these systems

people

i am sorry you got scammed, partner, it blows

I don't think having increased prevention security against incidents like this which actually do seem pretty common from what I've seen would be much of a hoop to jump through. But again, I'm clearly biased. And I don't think it would be a hoop to jump through on the user's end at all if Steam would actually be responsive and investigate or intervene in or maybe even rectify situations like this after the fact. It's really unfortunate and frustrating that they don't to any degree.

But thanks, I appreciate that.

Ursprünglich geschrieben von pulzzzz:

I'm not taking out anything on anyone.

So the 15-18 smart-arse responses that you wrote into this thread just magically disappeared? Oh.. no I can go read them. They're still there.

No that's not the real question.

Ursprünglich geschrieben von pulzzzz:

No that's not the real question.

Yes it is. This is your thread. You have control over what happens in it. Do you want an actual discussion? Or do you just want to rant about the situation and verbally attack anyone and everyone that tries to help you because you're mad at yourself for letting it happen?

I've had amicable interactions with people in this thread who were respectful and considerate. You seem more upset about this situation at this point than I am. Get over yourself and stop harassing me.

Ursprünglich geschrieben von Tom Macdonald:

this is not possible unless some one got your login info from you leaking it.

Indeed. Henceforth, the sum of 475 euros shall not be subject to refund.

In a way it's impressive that even with a low effort bait attempt you still had to resort to editing it.

Ursprünglich geschrieben von pulzzzz:

I've had amicable interactions with people in this thread who were respectful and considerate. You seem more upset about this situation at this point than I am. Get over yourself and stop harassing me.

I haven't harassed anyone. It's YOU with the foul mouth treating everyone like garbage in this thread.

I'm just curious what goes through your head: "I'm going to create a thread and ask for help." .... "I'm going to be as mean as possible to everyone that tries to help me." ... ???????

Ursprünglich geschrieben von pulzzzz:

I don't have an answer for you. I don't know how it happened

You leaked your information. There was never a 'hacker.'

Ursprünglich geschrieben von pulzzzz:

I don't have an answer for you. I don't know how it happened, if I knew how to prevent it I would've prevented it. Whatever level of security you exercise on your account, don't feign yourself safe or immune from incidents like this is my advice.

Steam allows you to check the login history of your account and the IP Addresses. After someone logs in to the account, Steam shows it 24 hours later. If there is another IP address besides yours, then that means they logged in "organically" - supplied your password and 2FA -- which can only have been obtained if at some point it was given to them. Or they used a session key or API token, again both have to have been obtained from your PC in some form or fashion.

You can see link here and also read about how most of these hacks occur:

https://steamcommunity.com/sharedfiles/filedetails/?id=2406991018

Also, though it should have been linked earlier see:

https://help.steampowered.com/en/faqs/view/06B0-26E6-2CF8-254C#stolen

As a general rule never ever supply files from your PC to anyone else, I've seen people with cracked copies asking for "help" needing Steam Auth files from people that have legit copies. That's also a good way not listed here to get your account stolen because it has session data and they can bypass the security systems in place.

Don't do it. Not only can they gain access to your Steam, but files can be used to fingerprint and find your PC

Also, depending on the method used to transfer files you can also open remote access to your PC.

And yes, I've seen people even on Steam ask for those files. Of course I report it, but the issue is that they do the same on Reddit and other places.

--

The only other way is if someone had DB access, but seriously doubt that anyone with that would go for Steam cash. They'd go straight for payment info and hit really hard and really fast. Steam dollars mean nothing to anyone that would have DB access when even your name and location is more valuable data than Steam dollars.