Steam telepítése
belépés
|
nyelv
简体中文 (egyszerűsített kínai)
繁體中文 (hagyományos kínai)
日本語 (japán)
한국어 (koreai)
ไทย (thai)
Български (bolgár)
Čeština (cseh)
Dansk (dán)
Deutsch (német)
English (angol)
Español - España (spanyolországi spanyol)
Español - Latinoamérica (latin-amerikai spanyol)
Ελληνικά (görög)
Français (francia)
Italiano (olasz)
Bahasa Indonesia (indonéz)
Nederlands (holland)
Norsk (norvég)
Polski (lengyel)
Português (portugáliai portugál)
Português - Brasil (brazíliai portugál)
Română (román)
Русский (orosz)
Suomi (finn)
Svenska (svéd)
Türkçe (török)
Tiếng Việt (vietnámi)
Українська (ukrán)
Fordítási probléma jelentése
Hozzászólási szabályok és irányelvek
Hozzászólás jelentése
Scan for malware https://www.malwarebytes.com/
Deauthorize all other devices https://store.steampowered.com/twofactor/manage
Change passwords from a clean computer
Generate new backup codes https://store.steampowered.com/twofactor/manage
Revoke the API key https://steamcommunity.com/dev/apikey
Stop using shady third party skin trading/gambling sites or clicking suspicious links.
You don't need access to the email, phone or password currently tied to the hijacked/hacked account for this to work. Just pick the "I do not have access..." or a similar option when asked.
And to help you sign-in: https://help.steampowered.com/en/wizard/HelpWithLogin
A step by step guide to the recovery process:
https://steamcommunity.com/sharedfiles/filedetails/?id=1126288560
Not necessarily.
My theory -- and, unfortunately, that's all it is since I haven't found descriptions of what they actually do -- is that hijackers don't even care about your credentials. They pick up the login-key, which is the item that the Steam client or bots use so they don't have to do the whole credentials/2FA every time the user runs it.
When was the last time your client has asked you for an actual login?
Not if you use a fake login page.
While I only work with clients, and I have 0 experience with modern webstuff, I'm 99% confident that the web-logins pretty much work the same -- so, there's going to be a cookie with the login key. Maybe, but that's going into web-territory that I know nothing about, they can just run some Javascript that loads the actual loginpage from steam while still being able to access the cookies. Else, they'd just have to duplicate the Javascript that Steam uses for the login page.
Again, I keep reading about account hijacks -- and I find it much easier to assume that your average Counterstrike-player is directed to a "skin"-site using a fake login page that grabs the login key, as opposed to an all-out assault where they need access to EMail or the authenticator. I find it much simpler to assume the hijackers use the easy route.
Hello, I don't have any malware on my pc, I change dmy password so that might sign out all the devices. Can't revoke API keys cus I don't pay 5$ on steam and no I don't use any gambling sites, I barely play steam games even.
Email auth is enabled by default, I didn't changed anything about the security section of my Steam account, no steamguard code or new location alert was sent to my email at all.
Appreciate the replies btw, sorry if I suck like a jerk when I posted this cus I was really frustrated lmao
Like a few (3/4) weeks back before?
I don't know what qualifies as an "actual login" but during that time period is when steam still sends me to code in my email and asks me to fill in the codes, ever since then I have never tried logging into my account. I have enabled steamguard mobile ever since this post was made. Never logged into any fake login page, never used third party sites, never used gambling sites (I don't play csgo or trade items) Device is fully secured and my email has 2fa aswell that requires me to allow access through my phone
And if the passwords are different, a device you used for these accounts might be the leak.