Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Discussions Rules and Guidelines
3248 
Report this post
I checked my account security — all devices are mine, no unknown logins. I also changed my password recently.
And yet the ONLY way something like this happens is if your account is compromised.
Follow these Steps to secure your account.
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://gtm.steamproxy.vip/dev/apikey (there should be nothing in the API Key)
I followed all the steps: scanned my PC (no malware found), deauthorized all devices, changed the password from a clean computer, generated new backup codes, and revoked the old API key.
I don’t understand how this happened. A gift was automatically sent from my account to another user, even though I have no friends on Steam. That person has already accepted the game. For many years my account has never been hacked or scammed, and suddenly this happened. I am shocked — I had a large balance, and part of it was taken.
The best scams are the ones you don't realise are scams. You gave away your account information somewhere, at some stage.
Hm… looks like the scammer always wins. This is the scammer: https://gtm.steamproxy.vip/profiles/76561198780461575
.
You can see that the profile is new and not set up — it says: “This user has not yet set up their Steam Community profile. If you know them, encourage them to set up their profile to play together!”
dont name and shame its against TOS just saying.
report and move on
Got it, thanks. I’ve already reported it to support.
When you report this in forums, most people will just blindly conclude you fell for a phishing scam and gave away your login somewhere. That's the M.O. response, most of them are incapable of even considering alternatives. Whether you did fall for an elaborate phish or not I don't know, but it doesn't have to be that.
It's rare, but a few cases have turned up where people experienced this despite following best practices, ie. steam auth on, no password reuse, never clicked any stupid links, never used their steam login elsewhere, checked and clearly saw no other devices logged in.
The obvious suspect here would be malware, since it can hijack your PC and control your steam client directly, no need for a separate login.
A less likely scenario, though not entirely impossible, is that there's a hole in steam's systems. I wouldn't rule that out, but I would expect they'd close the hole relatively quickly (they operate on valve time, but still), so multiple reports over several years makes it seem pretty unlikely.
You said you'd performed a malware scan: those will never catch everything, and it's perfectly possible to have malware that not a single AV will catch when you scan.
Even if your PC is infected and a scan finds something and removes it, it doesn't mean you're out of the woods. Other stuff can still be lurking.
Given what you've said, if I were you I'd just assume it was malware and do a system wipe right away. Backup what files you need and reinstall everything. Pictures, video files and documents are safe enough to keep as long as they're yours and not from sus places. msi/exe installers, dlls, etc. should of course be discarded.
Up to you if you want the hassle, but if you've got that kind of malware it's likely to cause more trouble further down the road, might as well be safe.
its just seems so excessive if there is something out there that can attack your computer
and windows or who ever is not looking into it and getting rid of it then all of us would have it...
wouldnt we....
and the other bit about not clicking on stupid links....
i remember on my old computer i clicked on what i thought was a realtek audio
download.. i cant say i had a problem but it could of been a stupid link clink as it
was a 3rd party download site and not actually realtek who i thought it was..
i still go back to wiping your computer as it seems excessive for something that
should have a fix and not need a full wipe of a computer...
thoughts..