Opprinnelig skrevet av clueless:

Opprinnelig skrevet av Lee:

Also you could have been hijacked many years ago. They could have been in your account all this time waiting for you to do something worth taking or using.

the money in my wallet were gift cards i got as gifts during Christmas time
so sitting there of 2 months
would have spent the money right away had i know the steam system is so flawed and easily hacked ...with no internal checks on unusual transactions(6 transactions for $65 all in a few minutes time)

EASILY hacked. SUPER EASY!

Opprinnelig skrevet av pckirk:

What a waste of time for anyone to continue to try and help the OP.

just report the thread, so it can be closed.

Your account was HIJACKED, not hacked. Why? You gave away your account log-in info.

https://help.steampowered.com/en/faqs/view/0A94-F308-34A5-1988

Steam is selling games with malware in them that allow this access

Opprinnelig skrevet av D. Flame:

Steam is selling games with malware in them that allow this access

Aaaaaaaand the thread officially spirals out of control.

I'm out, good luck with securing your account(s).

Opprinnelig skrevet av Mr. Smiles:

Opprinnelig skrevet av D. Flame:

Steam is selling games with malware in them that allow this access

Aaaaaaaand the thread officially spirals out of control.

I'm out, good luck with securing your account(s).

Because I told the truth? It has already been widely reported on credibly sites.

Opprinnelig skrevet av emmanueli:

Nah bro I didn't. Also the purchase are from games I don't even play or have installed. Looks like a backdoor exists in this system. The hackers would have had to have logged in as me and then have access my phone or my email.. 🤔😔. Which hasn't happened. Been in the game for years kid. This has all the hallmarks of a broken system.

The best scams are the ones where the victims are aware they were scammed even when provided reasons why they were scammed. In this case you don't believe you've provided your account info, including 2fa code yet everything is pointing to the fact that you did. That is of course unless the devices you are using are compromised which is an even bigger issue for you. At his point you would either have to accept what happened, learn from it and hopefully prevent this from occurring further or the complete opposite happens and something similar will inevitably happen again.

Thread title: Steam Wallets are being systematically hacked.

Opprinnelig skrevet av emmanueli:

Seems that there is a backdoor to scam people out of their money from their Steam wallets. My account has MFA, emails me for any changes. Yet somehow someone has spent my money from my wallet on games that I do not play and Steam still in someway blames the victim. Instead of investigating how their platform is being breached they claim that it's a malware issue. How can so many people have the same malware issues when so many have secured accounts.. Makes no sense now 🤔, does it?

There is no backdoor door.

Accounts on Steam are PHISHED not hacked because the end user gave away all their account details, giving them access to their account.

The account name, the password and the KEY to the door, the Steam Guard Mobile code, or scanning the QR code or authorising via fingerprint giving them access to the account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link, signing in through a fake login window, the fake Valve employee scam etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.

The weakest link is the end user, not the security offered.

Opprinnelig skrevet av Nx Machina:

Accounts on Steam are PHISHED not hacked because the end user gave away all their account details, giving them access to their account.

That's a lie.

Even if you gave away your username and password, people could not get into your account without you authorizing them on you app.

If they hack your session id, and steal that login token, then they can use that token to make the system think you already logged in and authenticated with the app, this bypassing it.

Some of these keyboard warriors or gangster guys are actually funny. The reality is simple. I don't even play those games. (READ THE ORIGINAL MESSAGE). There would be no session id to steal because I was not logged in at all nor do I play those games. I have steam on one device, which is clean, have MFA, phone and email. I don't even connect to any 3rd party sites. That stuff is of no interest. The games in question are shown as not installed or playable on my account. The transactions look like they are in a different currency and at a time my device could not have been on. Look guys if I was phished, hacked, hijacked, victim malware or whatever, I would simply take the L. TBH it's like £49 .. What I'm stating here is simple logic. With all the above being true and provable, the one unknown is the platform and the owners and runners. I've worked in IT a long long time to never rule that out. I've seen systems with very easily open backends manipulated by owners and support staff. I believe Steam is in such a situation. Similar to early banking apps that allowed staff to move small amounts from multiple accounts into ghost accounts and create fake transactions to pocket the funds. If you think you really know otherwise then you are naive and are soon to be brought into the light. The TRUTH will soon be revealed. Prepare for a big change in Steam. And I'll be happy to dish large slices of humble pie with custard to many of you. For those who are victims, you have my deepest sympathy. With that, Steam community, I leave it there. Be safe out there and online.

Opprinnelig skrevet av D. Flame:

That's a lie.

A lie? Lets do a test:

Your account name is: Pinky, Yellow Sun, Brown Sugar, Planet Zero.

Your password is: POmyuj567, BHYRFG%^, 789NMvfRA, PPOOLlvv.

How close am i to guessing both?

As for:

Opprinnelig skrevet av D. Flame:

Even if you gave away your username and password, people could not get into your account without you authorizing them on you app

People do authorise via the app when logging in to known scam sites etc, because accounts are PHISHED or are you going to continue to ignore all those threads where it is has being proven they gave away all their account details, including authorising the login, because they have known skin scam sites in the profile name history, or are in Steam Groups of known skin scam sites, or fell for the Discord Scam, or voting for my team scam etc.

Now for you prove it is a lie as you claim a secondary test - what is my account name and password? You get it right i will authorise the login.

You will fail of course because.

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.

The weakest link is the end user, not the security offered.


A 20+ year old i have never lost account access to. https://ibb.co/DgPST5BS

Opprinnelig skrevet av Nx Machina:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

If they steal your token/cookie, then they don't have to guess crap.

When you login in and 2FA, you get a token confirming you have done so successfully. If they steal that token, the system will let them straight through without even asking for a username, password, nor 2FA. The do NOT have to guess crap.

Opprinnelig skrevet av emmanueli:

Some of these keyboard warriors or gangster guys are actually funny. The reality is simple. I don't even play those games. (READ THE ORIGINAL MESSAGE). There would be no session id to steal because I was not logged in at all nor do I play those games.

The session ID being stolen is the token generated by Steam when you login to Steam itself.

Opprinnelig skrevet av D. Flame:

If they steal your token/cookie, then they don't have to guess crap.

When you login in and 2FA, you get a token confirming you have done so successfully. If they steal that token, the system will let them straight through without even asking for a username, password, nor 2FA. The do NOT have to guess crap.

Ah! you snipped everything because you cannot prove what i have written is a lie.

To repeat:

People do authorise via the app when logging in to known scam sites etc, because accounts are PHISHED or are you going to continue to ignore all those threads where it is has being proven they gave away all their account details, including authorising the login, because they have known skin scam sites in the profile name history, or are in Steam Groups of known skin scam sites, or fell fro the Discord Scam, or voting for my team scam etc.

Now for you prove it is a lie as you claim a secondary test - what is my account name and password? You get it right i authorise the login.

You will fail of course because.

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.

The weakest link is the end user, not the security offered.


A 20+ year old i have never lost account access to. https://ibb.co/DgPST5BS

You always claim accounts are hacked (the wrong term) so why is that not on every major website that millions of Steam accounts were compromised in a single day? It isn't because are accounts are PHISHED by the end user always giving all their account details including authorising the login.

That is how malware works for example you have to enter all your account details and authorise for it to be captured. That is also how a trojan works. Logging into a known skin scam site has the same requirements. A free Steam Gift has the same requirements etc. None are hacking. In the case of malware and trojans they are downloaded unknowingly by the end user and in turn executed by them.

Next time your bank site asks you to reinput all your account details it already knows about, stop and scan your PC otherwise carry on and let the trojan do it's work and the phisher empty your bank account.

So back to: Prove what i have written is a lie as you claim in post #37 or even this post, a secondary test - what is my account name and password? You get it right i will authorise the login.

Opprinnelig skrevet av emmanueli:

Some of these keyboard warriors or gangster guys are actually funny.

Explain how in 20+ years i have never lost access to my account, yet you have and lost your wallet funds if you did not give away all your account details?

You even used the wrong term. Accounts are phished not hacked so as i asked another poster lets do a test.

What is my account name and password? You get it right i will authorise the login.

Looks like OP is on a bought or stolen account. Probably paid for it and it was compromised by the seller