Search for new games to share.
Syntax for writing comments.
Frequently asked questions.
Community rules and guidelines.
My account has been stolen.
Email was changed as well as password and the steam autenticator removed.
What can I do fast?
The site that steals accounts:
DO NOT LOGIN THERE
Don't accept any friend requests or links in messages from anyone who said their acc was stolen in here
our accounts have been hacked and all 3 of us without account were his common friends.
AND DO NOT CLICK LINKS FROM HIM UNLESS IT IS SOLVED (you can also check comments on his profile)
Comment has been collapsed.
contacting steam support and providing proof of past purchases.
Did that. Any clue how fast are they to respond?
I think it takes something around 1 day, but main thing is to calm down, you have prove of your purchase and steam support is there to help you, this already happened to my friend, and he had his account back in 1-2 days, with everything, nothing lost, so just calm down and wait, there is nothin you can do now...
This comment was deleted 4 days ago.
ONE SIMPLE RULE:
To add to this having a password manager that detects the url also helps with this since it won't post your info if it's a fake. But ya I just use a bookmark to login!
I use a password manager (KeePass) and I keep it 100% separated from the browser. Auto-filling has actually been exploited to steal passwords from a password manager in the past, so for an alert user (one who checks the URL manually, or better yet, who either types it or relies on bookmarks), a password manager that auto-fills based on URL is an added risk, not an added security.
I go with the convenience instead and for sites that are "high security" like banks, email, any account where my credit card is added, I disable autofill in the settings, and/or enable that I have to re-enter my master password before it autofills.
While this is a little extra work in some ways it retains the convenience of being able to use unique passwords on every little forum and site without having to toggle between programs to enter passwords.
When my friend's account has been stolen, it took a week to get it back. But she's from Eastern Europe, so maybe it depends on your location.
Use this to help you. http://support.steampowered.com/kb_article.php?ref=2347-QDFN-4366
Having the same issue here mate. may we be saved soon.
what's going on
for me, a friend of mine on steam had his account hacked and posted a malicious site in steam chat which i stupidly used.
the same. I am pissed on myself as hell since I am usually smarter than that ...
it wasn't a guy with a profile picture of the nerd from the office was it?
Yup, stupid Breadman ...
I hope you get your account back soon. His account was hacked also.
I know ... but it is like domino effect ... one person clicks it ... two more ... four more ....
in the end I am mad at myself for being off guard, not him
nah it could happen to anyone. Don't be mad at yourself.
You guys... I'm sad to say it looks like we're all in the same shit.
Yeah, same person. I guess that means they've been dumb enough to go for it too... even though they have tons of games, what the hell...
Yeah ... I will just remove all people I don't know personally from now on. It is not worth the experience.
Same goes for me. Was literally thinking about it for days now. And to think I've personally given them codes for games too...
im asking coz i see 3 threads for hacked accounts !
Just afraid they're gonna deactivate my keys and stuff. I also have a lot of money in trading cards too and about 30 dollars in steam wallet.
they can use that money wallet for sure but i doubt without steam autenticator they can trade anything!
I have clicked everything on the help page and it seems I have locked my account.
Well, stupidity is expensive and I can only blame myself ... and Breadman.
it force logged me out of the authenticator too so idk if they can unlink it
Check your email, you will have "Steam Guard Mobile Authenticator removed" as well as "A phone was removed from your Steam account
The same thing - about 43 euro in wallet, about 190 cards and some other stuff
Just calm down, okay? Thats main thing now and also, you know, that there is the 14-day ban on every trade without steam authenticator enabled? So i think that they cant do much damage, i guess that they rely on people that wont/cant report it.
Be honest - would you be calm? I know you mean well, but bloody hell this is not a good day
Not a good time, not a good day... there's never a good moment for something like this... fuck.
I was in similiar situation myself, but okay here are the facts:
1) They cant trade anything, there is the 14-day ban on every trade without steam authenticator
2) Also you cant really delete any game from your account, on the support page there is always the restore button
If i can answer any other questions, just write me..
Did you get your wallet credit back? This has never happened to me, but I'm curious.
Thank you. That atleast make me a bit less nervous ... I have send steam support like 10 screenshots so I hope it will work out.
If they unlinked the phone from my account would they be able to make purchases using my steam wallet without any other authentication? Also any idea how long steam support takes to reply to these things?
I wont lie, i dont know about the steam wallet, because i use Paysafecard, so i dont have any money in my wallet. But till its in steam, i believe that steam support will help you, they cant let their reputation get damaged now, when there is the battle against EG Store and other game stores.
True. Honestly the steam wallet wasn't really cash anyway. Most of it was from a single trading card I sold to some guy in japan for 26 dollars. So oh well. Glad to hear about the trade ban at least, hope it doesn't take past that time for us to get our accounts back. I recently added a list of games and their corresponding keys in a reply to the support request I submitted. Any idea what else I can do to help them speed the process along?
Probably not, i think that you did everything you could. Now its their turn, but it can take longer now, when there are multiple "attacks" at once, so now, just wait and try to relax, listen to some music, etc..
But if you really want to do something to help, you can probably write other gamers/friends or users on social sites about this, so there wont be more victims and yours will be processed faster. a
sorry but the OP said they change email and password, so why couldn't they activate a new authenticator?
You must have new authenticator for 14 days to dont get the trade-ban
oh right, totally forgot about that!
1 free game for new users!
take the game you want!
1 free game for new users!
take the game you want!
Your account sent me that
You probably may want to censor the link.
But why tho? How can others be warned if you don't tell'em what not to click?
some people might not understand/read english, but clicking every link^^
dont know if posting a link will reduce the count of victims or increase it...
There are people out there that stupid? Just clicking any link I mean.
You're certainly right, didn't think about DAUs.
Do also note that accidents happen, especially with misclicks, and all the moreso in the context of websites, given the variation in interfaces used to access basic internet sites. Accidents of that sort can happen with just a single moment of carelessness or distraction, so it's not something that requires and sort of special circumstance.
That said, I'm prone to misclicks myself, given that I still have the occasional muscle tremor or spasm, so.. consideration for those with special circumstances would be appreciated nonetheless.
Well, it's reasonable and useful so long as the link is stripped. The OP on the other hand, has a direct link to the site, which is an issue. Direct linking to a site like that is both in violation of SG's rules and in violation of basic internet courtesies.
I'd rather people know what to avoid.
So they are using it. Jesus. At least I put warnings on my steamtrades pages already. I hope you didn't click it like I stupidly did. Like the guy above me said def censor that link so others don't get sucked into it.
I looked at the site.
Didn't bother logging in since it was a BS log in page, obviously so, to be honest.
happened to me few years ago make steam ticket than they will ask for proof just show them the screen shot of your purchase and steam keys that u activated and they will retrieve your account.Remember they always take time to reply in my case they took 2 weeks to retrieve my account.
God I hope we don't have to wait that long. I will seriously lose it here XD
This comment was deleted 3 days ago.
you should remove this as it is "calling out". He didn't do more wrong than you.
Good luck with your account :)
he did not, but I will risk a temporally suspension here if it saves at least one account. The same goes for my account as I was informed that my account is also sending false messages right now.
I will remove it as soon as our accounts are restored :)
It's kinda borderline, since it's not actually stating or implying anything negative about the users in question [which makes it safe] but it is potentially damaging innocent users via unconfirmed accusation [which makes it prohibited].
Though if the users in question already all made comment to the fact that they were compromised (in any location that can be referenced via link), then it'd be safe, as it'd avoid the latter element. There's nothing wrong with making a PSA to protect users, so long as no negative implications toward the users or unfounded assumptions are made.
A more iffy situation would be if the users directly gave Ascate permission to post their names, as that's something that should be acceptable, but is still unsupported by any sort of confirming evidence. The best approach there likely would be to permit it, but to impose a heavy suspension if the user is found to have been misrepresenting the matter; Staff may, however, have a different take on the matter.
(Disclaimer: At least, that's how it'd follow based both on previous interpretations on the calling out rule and off intuitive consideration, but I don't recall this having been given word-of-god by staff before and I myself am not staff, so take it as an educated assertion rather than confident statement of fact.)
Of course there is nothing wrong with warning users but the PSA should be: don't shut down your brain if you read "free game" and never login somewhere else than on steamcommunity.com
I have two steam friends who fall for this too, should I write their profiles here too? I don't see why this would help 🤷 you shouldn't log in on a page someone send you regardless if the link comes from Sooth, Moony1986 or Gabe Newell himself 😉
You brought up site rules. not pros and cons. I addressed site rules. :P
As far as constructive benefits go, Steam Chat does have a chat block function for individual users, so the information is potentially useful, as it lets you quickly address the users in question before any risk occurs. I've already had to bring this up today, but a misclick is a thing that easily happens.
Likewise, while you should always check grammar and content to confirm the nature of a link before progressing anywhere with it, there's absolutely no reason to inherently suspect links from friends, assuming there are no concerning elements as part of the presentation. I mean, I've a pretty tight network of contacts who regluarly toss around promotion, news, meme, or other links, it's not remotely unusual to encounter for those of us who use Steam chat as a medium for social interaction or information sharing.
I don't know anything about the specifics of the page but, yes, if it requires the provision of any kind of information, then anyone who isn't completely inexperienced with personal security should intuitively feel compelled to research the site beforehand. I got the impression that just clicking on the link was enough to cause an issue, though.
Anyway, again, I was discussing site rules, to match to the topic you brought up. Your considerations of the merits of such actions is separate from whether the site permits the matter or not. As far as whether you should reference your friends or not, I've already detailed the site rules on the matter to the best of my ability, and I've no real sentiments on the matter. As such, I can't help you decide whether or not that's something you desire to do, but I've given you the resources to make a proper determination on the matter. ^.^
its not only about accepting request u used some links that he gave u or something like that no one can hack your account only by adding you as friend.
I have reported your steam account as stolen from the rightful owner. Steam says you still need to report it. (as you already have). Just thought I"d put in a report about the stolen account from an account not connected to it.
I do have a question. How do they remove the steam authenticator without having access to it? Or did you put the number into the fake site when it asked? if this can be removed without knowing it. Thats rather worrisome.
From what I've read. Never put that number in any site. Go directly to steam. login and then reload the site in question. if its now just asking for the button click to confrm a steam connection then "your good". Iff its still asking for the login then 'its fake".
I have put my autenticator into a side when it asked. The login pagged looked exactly the same as on Steamgifts and Steamtrades.
It was my own stupidity and I am aware of that sadly
Also thank you for the help. I really appreciate it.
It should not be a problem to get back. i have have no idea what can happen in the meantime. Hopefully not to much. You can provide steam with keys that you have won here and activated. Only steam and you will know what those keys are. providing a key or two from before the hack will prove your the rightful owner.
I admit this scenario is rather scary. I have to much invested in my account to lose it. Good luck.
The worst thing the hijacker can do is to get him vac banned but I don't think the scammers really care enough to do it.
Damn. This is happening all too often these days. I got lucky a couple of months ago. Steam was fast. Only lost the account for about 36 hours. Helped that I was able to provide an HB game key that I activated the day before.
I have actually send them screenshot of keys I have activated 2 weeks ago :) hope it helps them to solve it ultra fast ...
It should. Those things do help with evidence that it's your account.
Did it just happen man? how'd you lose your account? Or are you the hacker? That emoji makes me question your authenticity.
i clicked on a link i shouldn't have (._. )
same as us then. did someone post it to you or just surfing online?
someone sent it to me
tell me when you have the account back. I will remove the warning from the topic
I seriously don't think this is funny ...
i know man it sucks, i was going to buy a lot of games today and now i have to sit on my hands and wait for steam support to fix it :(
it might not be funny but guess what? if your account get stolen, your friends might get the same link...
so if you blame him, blame your self as well ;)
I have done everything that I could to prevent that including a message from my IRL friend on my profile and sending a message to everyone I had on steamtrades ... I literally can't do more about it right now
its nice of you to try to protect as many as possible. would be interesting how many accounts are falling for this scam... if people with many friends are getting occupied, the damage might get huge
That's why I say - never enter your credentials on the site where you got by a link. any link. Site wants you to login with steam? Fine. But when you click on that login button "steam" asks you to enter credentials? NO WAY. Open new window, type in "steamcommunity.com" (or have it bookmarked), and if you are really not logged in there - it's safe to login and return to the site that wanted you to login with steam account. But if you are already logged in - you know someone wanted to scam you. It's a good approach not only for steam, but for every site that can be used to login to other sites (openid provider) - like facebook, twitter, etc.
ppl nowadays rely so much on "protection" like firewall, antivirius, Steam-Auth. etc, when the real safety risk sitting in front of the computer.
I thought that was just getting out of bed every day.
Even better, simply log in in your new safe window, then refresh the possible scam. No need to take any risks!
Didn't I said the same?
Oh sorry, I took it as saying you had to check if you were logged into steam before logging in into the suspicious window. I must have read it wrong then, sorry~
Some assholes are sending me links to that scam site.
The login with steam page is obviously BS.
its not that hard. dont accept any friend request from strangers and dont click on links from anyone and especially dont login. that is the 101 of not getting "hacked". you cant really call it hacking if the victim gives his data as presents.
Same bullshit. Probably i can say Bye to all my invemtory things and money. Just shit.
Another one? Well, this is spreading fast.
Now I want a link, too :( Sorry, not funny...
I'm just stupid. Entering authentificator code to shady-site was a foolish idea, even if friend have sent it. And this happens right after selling some valuable things. FUU. Hope steam-support works good and I won't lose my account at least.
You will get it back in the end, don't worry, it's just a matter of hours. ;)
Oh, ok then. Thanks for answer. This whole situation is a bit new for me. I never was hacked and I can call it stress for some kind. To many games on account, to many on SG for this account.
I feel you and would react the same way. Everyone would freak out when their precious Steam account has been hijacked.
Be sure to have some recently activated Steam keys at hand to prove your ownership to support. Just try to be calm and patient, it will be fine in the end and you've learnt a lesson. ;)
At first I've added my recent activated key to my support-ticket. There was only one blank-space,so only one key
I just put "FAST" in there as I panicked :D but I have put screenshot of about 5 keys from HB that were activated on my account recently
I've just wrote "i can add hundreds of activated keys of my account" in addition to key. Posting screenshots looked time-spending for me if my message cause account-lock.
you sure its hours? i get the feeling that with this many of us it will be days or even weeks :(
google says the average support response from steam is 3-15 hours. Since it is weekend we should count with more
If I can get mine back before the trade ban ends on my stuff I will be satisfied. Here's hoping.
We will see, hopefuly, tommorow ... let me know if they contact you :) I will do the same
Well, good luck to you, friend.
Here you go
I clicked it and it was pure :joy: !!!!
Now I want a link, too :(
Now I want a link, too :(
Here, this one is just for you.
If you had steam wallet and the hijacker uses it, don't worry steam support will get you the money back but they do it just once. If you'll get your account hijacked again in the future, they won't do it again.
That is actually a nice info. thank you
Yea it happened to me too a few years back when steam autenhtificator wasn't even implemented yet. The thing that bugged me most is that the hijacker will probably still make use of your money because when steam gives you your money back they don't remove it from the hijacker's account, they just duplicate it. So we practically gave them free money.
1 free game for new users!
take the game you want!
thats the message i got from "you" . DONT CLICK ON THE LINK !!!!!!
why is the link poised?
To people who had their account stolen like me, you may have received an email that your mobile authenticator was removed using an sms code that was sent to your phone. Obviously you didn't receive it. I'm not sure if I can guarantee that they didn't intercept that sms somehow but based on my mobile account the text message never occurred. I'm not sure if it didn't appear in my text history because it was intercepted or because there was no text. Can anyone with more knowledge than me verify whether or not our phone numbers are safe?
I feel for you guys, the login page is very convincing and I probably wouldn't have noticed any difference if I wasn't looking for one.
Looking at that site itself though...you always gotta remember the golden rule: "If it sounds too good to be true, it probably is"
You are right ... I was simply not expecting it and it caught me off guard
The URL is usually the biggest giveaway
The site that steals accounts:
spindatgamex [dot] com (redacted)
The site that steals accounts:
spindatgamex [dot] com (redacted)
Damn, I'm curious about how they manage to make their phishing URL appear as "about:blank"...
On a side note, I wonder what else they're running (a coin minier or something?) on their main site, as it uses a full CPU core
Oh, thanks. Interesting front-end voodoo ^^
Lost mine too ... sent ticket ... the only good thing that I don`t have debit card info on account.
Someone's making monies out there.
Here i am at the middle of the night waking up after napping and seeing two messages from person at the friendlist whom i have never really talked with. So eyes blurry, thoughts messy can right on see what's going on and then check topics here and be baffled how people fall for these. Spindatgame...
If you get Steam login credentials site from some link, don't put them in there instead put them in here http://store.steampowered.com/login/
Good now you can refresh the other page and if it asks still your login credentials, congratulations you have found non legit steam login site!
How convenient just as writing this 3rd message came in. :)
thats the way^^
The site uses Cloudflare, so you can submit an abuse report here: http://www.cloudflare.com/abuse/form
Also be carefully from traders.For example rocket league guys selling a lot of expansive items for really cheap and send u link to log in and +rep them when u went on that link its exact same steam just u need to log in.I allmost fall on that but page said its not safe should go back and few days later saw youtuber did that and they hacked his account he lose everything...
Hoping you guys get your accounts back, and just throwing this out there...
Don't login when you don't see the green lock for httpS and after that the steamadress.
All other are faked sites and when you give them your login and password it isn't hard to make bullshit with your account.
Half of the people from my friendlist that done it have loosed there inventory stuff. The other half still have it. All got there accounts back, mostly after a few hours, in the worst case after 2 days.
I wish you luck with the inventory
EDIT: As a sidenote, you are Nr. 8 from my friendlist that have a hijacked account.
EDIt 2: Report the site at: http://www.cloudflare.com/abuse/form and at email@example.com ( http://i.imgur.com/azktdOS.png thanks ScourgeTM)
Green lock by itself is useless. It only protects from MITM attacks. Anyone can get a green lock for free.
It needs a green lock and "Valve Corp [US]" beside it.
From my text it was clear that you need BOTH because i used the word "AND"
You said green lock and steamadress (which I assume would be just the URL), not the organisation that the certificate is signed for. There is still possibility of domain fakery with similar looking ones and Unicode lookalikes.
Green Lock for the Valve Corp (when you hover over the lock you get the exact info) AND the right adress.
But in this case all were ok when the people not give there logins and passwords to a random site that haven't the steam adress.
Its so annoying to get each hour that scam links sended from steam friends.
4 were hijacked alone yesterday ... and at my steam friendlist aren't the dumbest or unexperienced people That make it double shit
Hey man, my friend had a similar problem some years ago.
What we did is that we used a CD key that he had activated a long time ago as a proof of ownership.
To be precise, he had Counter Strike 1.6 CD case with a key printed on it. He made a photo and submitted it to show that he has the case with the key that was used to redeem the game.
Additionally, I think that you can use your credit card as well. Not that you should take a photo of it or anything like that, but just tell them that, if you've made any purchases with a credit/debit card on Steam, you have it and you should be able to verify your ownership that way.
P.S. Haven't read through the replies, wanted to post ASAP so I apologize if someone already mentioned this.
Please edit your post so that the site name no longer links to the site.
Unless your goal is to get people to click on it, but that would be bad.
that would be bad.
that would be bad.
Would you say that it would make you awfully mad?
I make it a point never to adjudicate an incident unless unless I am calm..
this guy is support from hjere? he got hihacked too http://steamcommunity.com/profiles/76561197985759517/
Yes, he is one of our Mods. We've already locked his account, for now. Let's hope he's back, soon.