Ace1 1 Jun, 2018 @ 1:59pm
A weird form of account hijacking happened to me. Anyone else?
I just experienced something really weird and unpleasant.

A friend of mine randomly called me to ask what was going on with my Steam profile, I got confused and when I checked, I saw that someone had changed/deleted everything on my profile - display and real name, location, picture, description, custom URL. He/she also removed my background, showcases, unequipped my badge and deleted all comments from my profile. I checked everything else and nothing more was touched - my inventory, Wallet Funds, friend list, games, screenshots etc - they're all still there.

However, I have always had Steam Mobile 2FA enabled and didn't get a single login attempt, yet someone has been able to do this stuff in my account, how? (and of course, I changed my password immediately after learning about this) I already contacted Steam Support about this, but I'm yet to receive an answer.

What is the explanation for this and has anyone else experienced this? Most of this is nothing bad and can be easily reverted by myself (except the pages of comments that they deleted), but it still haunts me that someone could just do something like that while I have my 2FA enabled, how is that possible? This time I got away pretty easily, but if I don't know the cause, who knows what might happen the next time? Maybe they decide to clear up my friends list, delete all my screenshots, deactivate games from my account or purchase some ♥♥♥♥ with my PayPal connection? This ♥♥♥♥ is actually scary and needs to be addressed.

You can still see the aftermath of the attack on my profile, I haven't touched a thing, since I'm still waiting for a reply from the Steam Support in a hope that they can just rollback my profile, so I would get the deleted comments back.
By the way, as much as I suspected it, the link they put in my description isn't a phishing site or anything, it's an actual Valve site about general VAC information.
Showing 1-7 of 7 comments
Drenus 1 Jun, 2018 @ 2:08pm 
DO NOT try to trade any of your items, make sure you de-auth access to your account, and then change the password from another pc
Whoever hijacked your account might have intended to use your account to troll or scam other users by pretending to be Valve Anti-Cheat.
Ace1 1 Jun, 2018 @ 2:15pm 
Originally posted by Drenus:
DO NOT try to trade any of your items, make sure you de-auth access to your account, and then change the password from another pc

Thanks for the suggestions :) However yeah, I changed my password from another computer. Another friend of mine already told me not to trade as well, I tried sending him a 0.03€ skin to see if it would be scripted over to a scammer, but the trade worked fine. Maybe because I'm still not using my main PC and it is somehow infected?
Ace1 1 Jun, 2018 @ 2:18pm 
Originally posted by 💍 The Bloody Empress 💍:
Whoever hijacked your account might have intended to use your account to troll or scam other users by pretending to be Valve Anti-Cheat.

I figured the same lol, but it got me thinking, if they went this far for a prank/troll (to hijack someone's account for it), then why only change the profile and not ♥♥♥♥ up the rest of my account? Conscientious scammers? o.O
Originally posted by VAC:
Originally posted by 💍 The Bloody Empress 💍:
Whoever hijacked your account might have intended to use your account to troll or scam other users by pretending to be Valve Anti-Cheat.

I figured the same lol, but it got me thinking, if they went this far for a prank/troll (to hijack someone's account for it), then why only change the profile and not ♥♥♥♥ up the rest of my account? Conscientious scammers? o.O
Or it could be someone you know. Family and friends tend not to be very high on our suspect list. I remember about 10 years ago, my schoolmates used to troll people by picking up unattended phones and sending prank messages or just screwing around on the contacts list (this was back when smart phones were still new and expensive and unlocking a phone was just two button pushes away).
Ace1 1 Jun, 2018 @ 2:38pm 
Originally posted by 💍 The Bloody Empress 💍:
Originally posted by VAC:

I figured the same lol, but it got me thinking, if they went this far for a prank/troll (to hijack someone's account for it), then why only change the profile and not ♥♥♥♥ up the rest of my account? Conscientious scammers? o.O
Or it could be someone you know. Family and friends tend not to be very high on our suspect list. I remember about 10 years ago, my schoolmates used to troll people by picking up unattended phones and sending prank messages or just screwing around on the contacts list (this was back when smart phones were still new and expensive and unlocking a phone was just two button pushes away).

Nah, my PC, laptop and phone are all fingerprint- or PIN-locked and I'm totally sure no one knows my PIN (plus my family wouldn't even know how to do this stuff heh). Furthermore, last time I logged in to my Steam account at a friend's place or such was maybe 2 years ago, pretty sure it wouldn't be possible since I always log out and have used 2FA since.
Btw I do remember the times you are describing lol :Original_Assassin:
Ace1 1 Jun, 2018 @ 11:26pm 
Originally posted by Toast:
This has become a common occurrence lately.

You either entered your login and steam guard code into a fake site, or you downloaded something which infected your PC and then logged your login and steam guard.

The goal of this attack is to get you to trade your items to another account, which will likely be an impersonator. Your items will then be gone forever. Steam support will not restore them.

The reason for this fake VAC notice is that the attacker can't access your phone to confirm the trade for your items. So they need to scare you with a fake VAC ban notice.

VAC will never warn you about a ban before applying it.

The attacker may already have an account on your friend list waiting to impersonate the trade recipient.

That's what's weird, because I've either only logged onto reputable sites like OPSkins, or other smaller ones which for sure had the legit Steam login feature, so they couldn't get my password? As for the downloads, I'm always extremely careful about this stuff, so again, I'm pretty sure I haven't got a virus.
Yup, I'm pretty positive that the point is the trade scam, however as said, I tried trading a 0.03€ skin to my friend and it got to him without problems, but since I'm using another PC right now, it is likely that my main PC has the script/virus that sends the trade to the impersonator (although I have no idea how it would've got to my PC in the first place, as said before). I'll try it out soon.
This VAC "notice" is obvious trash yeah, you would have to be 10 to believe this and not know how VAC works lol.
Last edited by Ace1; 1 Jun, 2018 @ 11:28pm

Date Posted: 1 Jun, 2018 @ 1:59pm
Posts: 7