Installer Steam
log på
|
sprog
简体中文 (forenklet kinesisk)
繁體中文 (traditionelt kinesisk)
日本語 (japansk)
한국어 (koreansk)
ไทย (thai)
Български (bulgarsk)
Čeština (tjekkisk)
Deutsch (tysk)
English (engelsk)
Español – España (spansk – Spanien)
Español – Latinoamérica (spansk – Latinamerika)
Ελληνικά (græsk)
Français (fransk)
Italiano (italiensk)
Bahasa indonesia (indonesisk)
Magyar (ungarsk)
Nederlands (hollandsk)
Norsk
Polski (polsk)
Português (portugisisk – Portugal)
Português – Brasil (portugisisk – Brasilien)
Română (rumænsk)
Русский (russisk)
Suomi (finsk)
Svenska (svensk)
Türkçe (tyrkisk)
Tiếng Việt (Vietnamesisk)
Українська (ukrainsk)
Rapporter et oversættelsesproblem
Diskussionsregler og retningslinjer
5 
Rapporter dette indlæg
I checked my account security — all devices are mine, no unknown logins. I also changed my password recently.
And yet the ONLY way something like this happens is if your account is compromised.
Follow these Steps to secure your account.
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://gtm.steamproxy.vip/dev/apikey (there should be nothing in the API Key)
I followed all the steps: scanned my PC (no malware found), deauthorized all devices, changed the password from a clean computer, generated new backup codes, and revoked the old API key.
I don’t understand how this happened. A gift was automatically sent from my account to another user, even though I have no friends on Steam. That person has already accepted the game. For many years my account has never been hacked or scammed, and suddenly this happened. I am shocked — I had a large balance, and part of it was taken.
The best scams are the ones you don't realise are scams. You gave away your account information somewhere, at some stage.
Hm… looks like the scammer always wins. This is the scammer: https://gtm.steamproxy.vip/profiles/76561198780461575
.
You can see that the profile is new and not set up — it says: “This user has not yet set up their Steam Community profile. If you know them, encourage them to set up their profile to play together!”
dont name and shame its against TOS just saying.
report and move on
Got it, thanks. I’ve already reported it to support.
When you report this in forums, most people will just blindly conclude you fell for a phishing scam and gave away your login somewhere. That's the M.O. response, most of them are incapable of even considering alternatives. Whether you did fall for an elaborate phish or not I don't know, but it doesn't have to be that.
It's rare, but a few cases have turned up where people experienced this despite following best practices, ie. steam auth on, no password reuse, never clicked any stupid links, never used their steam login elsewhere, checked and clearly saw no other devices logged in.
The obvious suspect here would be malware, since it can hijack your PC and control your steam client directly, no need for a separate login.
A less likely scenario, though not entirely impossible, is that there's a hole in steam's systems. I wouldn't rule that out, but I would expect they'd close the hole relatively quickly (they operate on valve time, but still), so multiple reports over several years makes it seem pretty unlikely.
You said you'd performed a malware scan: those will never catch everything, and it's perfectly possible to have malware that not a single AV will catch when you scan.
Even if your PC is infected and a scan finds something and removes it, it doesn't mean you're out of the woods. Other stuff can still be lurking.
Given what you've said, if I were you I'd just assume it was malware and do a system wipe right away. Backup what files you need and reinstall everything. Pictures, video files and documents are safe enough to keep as long as they're yours and not from sus places. msi/exe installers, dlls, etc. should of course be discarded.
Up to you if you want the hassle, but if you've got that kind of malware it's likely to cause more trouble further down the road, might as well be safe.
its just seems so excessive if there is something out there that can attack your computer
and windows or who ever is not looking into it and getting rid of it then all of us would have it...
wouldnt we....
and the other bit about not clicking on stupid links....
i remember on my old computer i clicked on what i thought was a realtek audio
download.. i cant say i had a problem but it could of been a stupid link clink as it
was a 3rd party download site and not actually realtek who i thought it was..
i still go back to wiping your computer as it seems excessive for something that
should have a fix and not need a full wipe of a computer...
thoughts..
Not necessarily. He could've just been unlucky, like the hour between a new security hole in the browser being discovered and it being patched with an auto update, and someone got lucky and hit it within that time frame. Random example, of course, and stuff like this is rare, but it does happen. Point is, just because one guy got hit doesn't mean it affects all or even most people.
Actually brings to mind a good example. Years ago, when flash was still a thing on websites, I'd just set up a new PC and freshly installed windows. Went to the gfx card vendor website to get drivers, and there was a flash advertisement on their site. As I opened the page, I saw the ad load, then a command prompt popped up on my desktop quickly and immediately disappeared, then an installer window with a progress bar flashed up and completed in less than two seconds. Flash is/was notoriously insecure and routinely used for installing malware by embedding it in advertisements those days. Convenient way of doing it, you just paid the ad company to do all the distribution and hosting for you.
So the flash ad had just installed malware on my PC. I know because I even recognized the method (read a blog post about it just a few weeks earlier). I realized what had happened, and just turned the PC off and immediately wiped and reinstalled.
That's the thing, though. How do you know it was fixed? If there was malware, it had full access to your system and could install anything else as well. So.. how can you be sure it's been cleaned? Sure, you can run an antivirus or cleaner, and it may find something and say "element quarantined" and make it look like it's been fixed, but that offers no guarantee. Other stuff could've been installed as well, the AV didn't catch it, and it'll reactivate after a time delay and the whole problem is back again.
Excessive, sure. Maybe. Depends on what you want to avoid and what you're trying to protect. If you have some valuable stuff on the PC and you use your credit card there to buy games, etc., then maybe an hour or three of wipe-reinstall work is worth it compared to the potential loss of your steam account, money or credit card number.
Up to him, like I said, but wiping, reinstalling and immediately updating everything is really the closest you'll get to being sure it was taken care of (not counting BIOS/UEFI flash backdoors that survive OS reinstalls, as those seem fairly rare).