Hacked account
Yesterday, I was charged 300 dollars to my Steam wallet and then it was all spent in the Steam Community Market. They used my PayPal account that is tied to my Steam store. PayPal won't do anything, so I am still waiting for a response from Valve Steam. How do I go about this? I changed all my passwords, so do I need to also do a chargeback from the credit card?
Showing 1-15 of 16 comments
Yes... You should clean your PC too.
Then fix 2 step auth. On your mobile.
ASAP!
Last edited by Chill-Out-Zone; 18 Sep @ 6:00pm
The first thing you should have done was contact your bank lol
There is a correction necessary here. Your account was not "hacked". It's impossible for anyone to "hack" access to a steam account. What actually happened is you gave away your steam account credentials. Either through a social scam on discord / facebook / etc. Or you entered your account credentials into a "skin gambling website".

Somehow you did it though. You caused this scenario. This is not random and this is not a failure of Steam's account security system.
Overseer 19 Sep @ 1:50am 
If your credit card is tied to your Paypal and you do a chargeback, your standing with both Valve and Paypal will go sour and your Steam account will be locked.
If you want to keep your Steam account intact you will have to accept the loss and learn from it. You have to ensure that others do not get access to your account.
CrisR82 19 Sep @ 2:08am 
Originally posted by Ontrix_Kitsune:
There is a correction necessary here. Your account was not "hacked". It's impossible for anyone to "hack" access to a steam account. What actually happened is you gave away your steam account credentials. Either through a social scam on discord / facebook / etc. Or you entered your account credentials into a "skin gambling website".

Somehow you did it though. You caused this scenario. This is not random and this is not a failure of Steam's account security system.
Just this morning my account got "hacked" as well, though in my case it was mostly Steam points that got affected.

I can tell you for a fact it's not as simple as everyone makes it out to be - I have 2FA enabled, this morning after I noticed this, I saw that the login happened back in May 2025...exactly on the date I reinstalled Windows 11 on my PC AND that login supposedly got validated by the Steam Guard.

The problem with that is - whenever I reinstall my OS, I wipe the drives...like, not format them, actual data wipe, cache-areas included, then install the OS, then update it, then download the few apps I actually need from the developers' sites, then run a full scan with Windows Defender and Malwarebytes (keeping that as on-demand scanner, both are run at least once per week since installation).
Whenever logging in an account, I specifically check (where possible) where the login is coming from, in the case of Steam, it notes the city and country. In the case of site logins, I can name all sites/apps I logged in with my Steam account into - Fanatical (previously known as BundleStars), GreenManGaming, SteamDB, ProtonDB, SteamGifts and Discord/EA App (account link).

My password is randomly generated and different for every account I have.

While I agree that clearly nobody just "guessed" the password or "hacked" the account, I believe that the process I follow myself is controlling enough/meets what is more than reasonable to expect out of an average user to do, so just shouting "user error, k, tnx, bye" and not at least look into what is going on and how to improve the security for the average person.

Perhaps make sure 2FA confirmation is required every time you switch countries?
Or invalidate logins after a while? (or at least have an option for that if you don't want to have it as a default)


Originally posted by allamar:
Yesterday, I was charged 300 dollars to my Steam wallet and then it was all spent in the Steam Community Market. They used my PayPal account that is tied to my Steam store. PayPal won't do anything, so I am still waiting for a response from Valve Steam. How do I go about this? I changed all my passwords, so do I need to also do a chargeback from the credit card?
If you have already submitted a support ticket to Valve, here's what you should be doing right now:
- Reset your Steam account password.
- Invalidate ALL sessions (go into settings -> Account Details -> Security & Devices).
- Log back in again.
- Generate new Backup Codes (for the 2FA).
- Keep a close eye on the "Authorized Devices" section of your account for the near future.

Outside of Steam:
- Run a virus scan with the deepest scan level possible (I would recommend running Microsoft Defender/Avast Free Antivirus or some other free antivirus app AND Malwarebytes' free version...basically run at least one antivirus and one antimalware).
- Check your email's sign-in activity and if you notice anything out of the ordinary - invalidate sessions, reset password etc.
- Notify your bank about the card used. Chances are you don't need to do anything with them YET, but they should be notified about it happening to be on stand-by.
- Since you mentioned PayPal, provide them detailed explanations on what happened, along with screenshots, Valve support ticket number and all other details you can get your hands on.

In my case, I managed to get back my Steam points and reverse a gifted game, my guess is you should be able to get back your Steam Wallet back too since that is well within Valve's control...for PayPal, not sure, but I think that shouldn't be a problem either.
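
CrisR82's two suggestions above (a fresh 2FA confirmation when the country changes, and logins that expire after a while), sketched as a server-side session policy. This is an added example, not part of the thread and not Valve's or Steam's code; the `Session` fields, the 90-day and 30-day limits, the country codes and the sample sessions are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)   # assumed absolute lifetime of an authorized device
MAX_IDLE = timedelta(days=30)  # assumed idle timeout

@dataclass
class Session:
    device: str
    authorized_at: datetime    # last time 2FA approved this device
    last_seen: datetime
    verified_countries: set = field(default_factory=set)

def is_stale(s, now):
    return now - s.authorized_at > MAX_AGE or now - s.last_seen > MAX_IDLE

def decide(s, country, now):
    """Return 'revoke', 'step_up' or 'allow' for one request on session s."""
    if is_stale(s, now):
        return "revoke"        # the login expires after a while
    if country not in s.verified_countries:
        return "step_up"       # country changed: require a fresh 2FA confirmation
    s.last_seen = now
    return "allow"

def complete_step_up(s, country, now):
    """After a successful 2FA challenge, trust the country and restart the lifetime."""
    s.verified_countries.add(country)
    s.authorized_at = s.last_seen = now

def audit(sessions, now):
    """Devices a review of the authorized-devices list should revoke, oldest first."""
    stale = [s for s in sessions if is_stale(s, now)]
    return [s.device for s in sorted(stale, key=lambda s: s.authorized_at)]

def sample_sessions():
    """Constructed data: one recent login and one approved months earlier."""
    utc = timezone.utc
    return [
        Session("desktop", datetime(2025, 9, 1, tzinfo=utc),
                datetime(2025, 9, 18, tzinfo=utc), {"DE"}),
        Session("unrecognized", datetime(2025, 5, 10, tzinfo=utc),
                datetime(2025, 9, 19, tzinfo=utc), {"DE"}),
    ]

if __name__ == "__main__":
    now = datetime(2025, 9, 19, 12, tzinfo=timezone.utc)
    desktop, old = sample_sessions()
    print(decide(old, "DE", now))       # approval from months ago
    print(decide(desktop, "BR", now))   # request from a country not yet verified
    complete_step_up(desktop, "BR", now)
    print(decide(desktop, "BR", now))
    print(audit(sample_sessions(), now))
```

Under this policy a device approved in May would have been forced back through 2FA well before September, regardless of how the approval was originally obtained.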
Originally posted by CrisR82:
Originally posted by Ontrix_Kitsune:
There is a correction necessary here. Your account was not "hacked". It's impossible for anyone to "hack" access to a steam account. What actually happened is you gave away your steam account credentials. Either through a social scam on discord / facebook / etc. Or you entered your account credentials into a "skin gambling website".

Somehow you did it though. You caused this scenario. This is not random and this is not a failure of Steam's account security system.
Just this morning my account got "hacked" as well, though in my case it was mostly Steam points that got affected.

I can tell you for a fact it's not as simple as everyone makes it out to be - I have 2FA enabled, this morning after I noticed this, I saw that the login happened back in May 2025...exactly on the date I reinstalled Windows 11 on my PC AND that login supposedly got validated by the Steam Guard.

The problem with that is - whenever I reinstall my OS, I wipe the drives...like, not format them, actual data wipe, cache-areas included, then install the OS, then update it, then download the few apps I actually need from the developers' sites, then run a full scan with Windows Defender and Malwarebytes (keeping that as on-demand scanner, both are run at least once per week since installation).
Whenever logging in an account, I specifically check (where possible) where the login is coming from, in the case of Steam, it notes the city and country. In the case of site logins, I can name all sites/apps I logged in with my Steam account into - Fanatical (previously known as BundleStars), GreenManGaming, SteamDB, ProtonDB, SteamGifts and Discord/EA App (account link).

My password is randomly generated and different for every account I have.

While I agree that clearly nobody just "guessed" the password or "hacked" the account, I believe that the process I follow myself is controlling enough/meets what is more than reasonable to expect out of an average user to do, so just shouting "user error, k, tnx, bye" and not at least look into what is going on and how to improve the security for the average person.

Perhaps make sure 2FA confirmation is required every time you switch countries?
Or invalidate logins after a while? (or at least have an option for that if you don't want to have it as a default)
Go here: https://gtm.steamproxy.vip/dev/apikey

You probably generated a Steam API key and entered it into a website. If you did this then other people can have direct access to your steam account and completely bypass all security measures you have set.

I think it's worth repeating: No one can hack into your steam account or hack access to your steam account. The only possible way anyone other than you can ever access your steam account is if you give away your steam login credentials to a 3rd party somehow, some way.
CrisR82 19 Sep @ 2:33am 
Originally posted by Ontrix_Kitsune:
Originally posted by CrisR82:
Just this morning my account got "hacked" as well, though in my case it was mostly Steam points that got affected.

I can tell you for a fact it's not as simple as everyone makes it out to be - I have 2FA enabled, this morning after I noticed this, I saw that the login happened back in May 2025...exactly on the date I reinstalled Windows 11 on my PC AND that login supposedly got validated by the Steam Guard.

The problem with that is - whenever I reinstall my OS, I wipe the drives...like, not format them, actual data wipe, cache-areas included, then install the OS, then update it, then download the few apps I actually need from the developers' sites, then run a full scan with Windows Defender and Malwarebytes (keeping that as on-demand scanner, both are run at least once per week since installation).
Whenever logging in an account, I specifically check (where possible) where the login is coming from, in the case of Steam, it notes the city and country. In the case of site logins, I can name all sites/apps I logged in with my Steam account into - Fanatical (previously known as BundleStars), GreenManGaming, SteamDB, ProtonDB, SteamGifts and Discord/EA App (account link).

My password is randomly generated and different for every account I have.

While I agree that clearly nobody just "guessed" the password or "hacked" the account, I believe that the process I follow myself is controlling enough/meets what is more than reasonable to expect out of an average user to do, so just shouting "user error, k, tnx, bye" and not at least look into what is going on and how to improve the security for the average person.

Perhaps make sure 2FA confirmation is required every time you switch countries?
Or invalidate logins after a while? (or at least have an option for that if you don't want to have it as a default)
Go here: https://gtm.steamproxy.vip/dev/apikey

You probably generated a Steam API key and entered it into a website. If you did this then other people can have direct access to your steam account and completely bypass all security measures you have set.

I think it's worth repeating: No one can hack into your steam account or hack access to your steam account. The only possible way anyone other than you can ever access your steam account is if you give away your steam login credentials to a 3rd party somehow, some way.
Is the page you linked supposed to prompt me to invalidate the existing key?
When accessed, I get a prompt to type in a domain name and then register, nothing shows up about any existing keys, I might be misunderstanding it, but I feel the API thing is not the case on my side. (the info is appreciated though!)

As for the other part - I didn't say it's not a problem caused by the user (and myself in my case), I said that you can't have unreasonable expectations FROM the average user, which is why I suggested two changes that could have avoided it in my (and probably OP's) case.
Read through the stuff I posted that I do on my side and think about it - what % of people would do even that? - Now think if that is considered insufficient to justify implementing new security options (even if completely optional ones), then why are out-of-platform logins even allowed?
I am happy that Valve managed to address it ridiculously fast in my case, but I would prefer to be able to avoid having to resort to that myself.
Originally posted by CrisR82:
Is the page you linked supposed to prompt me to invalidate the existing key?
If you had created a key in the past then yes it would prompt you to revoke it.

Originally posted by CrisR82:
When accessed, I get a prompt to type in a domain name and then register, nothing shows up about any existing keys, I might be misunderstanding it, but I feel the API thing is not the case on my side. (the info is appreciated though!)
Then you don't currently have one active. Although someone else could have revoked it once they gained access to your account.

Originally posted by CrisR82:
As for the other part - I didn't say it's not a problem caused by the user (and myself in my case), I said that you can't have unreasonable expectations FROM the average user
Unfortunately this sort of thing is very, very common with Steam. The most common "culprit" is people go to these "Skin lottery" websites to enter their steam account in the hopes of winning an expensive item in their "lottery" that they can then resell, not realizing that by entering their account information in the website they are giving away full access to their account to other 3rd party / bad actors, even if they have 2FA enabled.
CrisR82 19 Sep @ 5:38am 
Originally posted by Ontrix_Kitsune:
Originally posted by CrisR82:
Is the page you linked supposed to prompt me to invalidate the existing key?
If you had created a key in the past then yes it would prompt you to revoke it.

Originally posted by CrisR82:
When accessed, I get a prompt to type in a domain name and then register, nothing shows up about any existing keys, I might be misunderstanding it, but I feel the API thing is not the case on my side. (the info is appreciated though!)
Then you don't currently have one active. Although someone else could have revoked it once they gained access to your account.

Originally posted by CrisR82:
As for the other part - I didn't say it's not a problem caused by the user (and myself in my case), I said that you can't have unreasonable expectations FROM the average user
Unfortunately this sort of thing is very, very common with Steam. The most common "culprit" is people go to these "Skin lottery" websites to enter their steam account in the hopes of winning an expensive item in their "lottery" that they can then resell, not realizing that by entering their account information in the website they are giving away full access to their account to other 3rd party / bad actors, even if they have 2FA enabled.
Noted on the API thing, useful info in general.
Well, life is life I suppose, learn from the experience, hope counter-measures were sufficient and be vigilant in the future it is.

Hope OP got lucky with the resolution like I did.
I do have one suggestion: If you aren't already using it make sure you use the mobile authenticator with the app on your phone as a second source of 2FA.
Overseer 19 Sep @ 6:15am 
Phishing is avoidable by sticking to the real Steam website and having an active session in the browser. As any fake login would still ask for data while real Steam network logins would recognize your session.
Simply don't trust links and stick to the real Steam website when you use the login.
CrisR82 19 Sep @ 7:14am 
Originally posted by Overseer:
Phishing is avoidable by sticking to the real Steam website and having an active session in the browser. As any fake login would still ask for data while real Steam network logins would recognize your session.
Simply don't trust links and stick to the real Steam website when you use the login.
By that logic, Steam should not have any "Sign in with Steam" on 3rd party sites/platforms.



Originally posted by Ontrix_Kitsune:
I do have one suggestion: If you aren't already using it make sure you use the mobile authenticator with the app on your phone as a second source of 2FA.
Yeah, the Steam App with the built-in 2FA has been active on my side since they released the feature publicly. 2FA is basically a mandatory thing in 2025.
I have another suggestion: In the Steam mobile app: Tap the shield in the bottom center. Once the scan thing is up that looks like you're going to scan a QR code tap the cog-wheel (very small) in the bottom right corner then tap on Authorized Devices. Look through the list and if you see anything you don't recognize then tap on it and revoke access. Or to be sure you can just revoke access to everything and re-login again. This will let you see if any other person is still logged into your steam account and you can kick em out through this.

After you change your password they could still be logged in and then change your password to something else on you again and they could even revoke your access to it so get on it and check it asap.
Accounts are hijacked. Not hacked.

Even Valve doesn't use the word hacked... because that's not what happened.

Watch out for Account Hijacking:
https://help.steampowered.com/en/faqs/view/6639-EB3C-EC79-FF60


So.

They were able to guess your Steam account email?
They were able to guess your Steam account password?
They were also able to guess your Steam Guard codes that change, every 30 seconds?

No. You gave them this information and that is how they were able to gain access to your account.
CrisR82 do not tell users to submit tickets as Valve will not restore items or wallet funds.

You are responsible for the confidentiality of your login and password and for the security of your computer system. Valve is not responsible for the use of your password and Account or for all of the communication and activity on Steam that results from use of your login name and password by you, or by any person to whom you may have intentionally or by negligence disclosed your login and/or password in violation of this confidentiality provision.

https://store.steampowered.com/subscriber_agreement/

Items

https://help.steampowered.com/en/faqs/view/3B6E-B322-2400-8D24

Funds

https://help.steampowered.com/en/faqs/view/78E3-7431-1E88-AD59