Your account was phished / hijacked. Follow steps 1- 8 to secure your account:

1. Scan for malware https://www.malwarebytes.com/

2. Check that the email and phone number on the Steam account are still yours.

3. Deauthorize all other devices https://steamhost.cn/twofactor/manage

4. Change passwords from a trusted/clean device.

5. Generate new backup codes for your Mobile App https://steamhost.cn/twofactor/manage

6. Revoke the API key https://steamhost.cn/steamcommunity_com/dev/apikey (there should be nothing in the APIKEY)

7. Make sure your steam recovery email account is secure and still accessible.

8. Do a PW reset to recover any steam points spent in last 14 days.

Steam will NOT return lost funds or Items.

Because you were phished on your computer. They grabbed the session token from that 30 second 2fa code, along with your login info. that is the only way. with all 3 parts of the key, they could use that at any time to log in as you, since they had the 2fa session token code, steam thinks it is you.

The only way to get all 3 parts of the key is from your computer, you were phished.

https://steamhost.cn/help_steampowered_com/en/wizard/HelpWithAccount

To begin a account recovery (Lost / Stolen) Follow these steps:

https://steamhost.cn/steamcommunity_com/discussions/forum/7/601905007519865294/?tscn=1747857836

I downloaded malware on a fresh install of windows that had the steam client downloaded and signed in. I wasn't even logged in the browser. And Iam certain I wasn't phished, specially that I use a password manager, so if a phishing URL asks for my password I would notice that something is wrong.
So, I believe they got access through the cookies the steam client uses. But I can't be sure, and confused if that's true. Why doesn't steam sign me out if my IP changes to a different location?

Originally posted by 101lols:

I downloaded malware on a fresh install of windows that had the steam client downloaded and signed in. I wasn't even logged in the browser. And Iam certain I wasn't phished, specially that I use a password manager, so if a phishing URL asks for my password I would notice that something is wrong.
So, I believe they got access through the cookies the steam client uses. But I can't be sure, and confused if that's true. Why doesn't steam sign me out if my IP changes to a different location?

That is not have your account was hijacked. You did something that allow the hijackers access to your account. Have you visited any sites that you logged into with your Steam account linked, click any link sent to you to vote, etc. Also this could have happened many years ago, but now the hijackers decided to used your account.

Wait a minute, did you just say that you downloaded malware?

Originally posted by SLG:

Originally posted by 101lols:

I downloaded malware on a fresh install of windows that had the steam client downloaded and signed in. I wasn't even logged in the browser. And Iam certain I wasn't phished, specially that I use a password manager, so if a phishing URL asks for my password I would notice that something is wrong.
So, I believe they got access through the cookies the steam client uses. But I can't be sure, and confused if that's true. Why doesn't steam sign me out if my IP changes to a different location?

That is not have your account was hijacked. You did something that allow the hijackers access to your account. Have you visited any sites that you logged into with your Steam account linked, click any link sent to you to vote, etc. Also this could have happened many years ago, but now the hijackers decided to used your account.

Wait a minute, did you just say that you downloaded malware?

I log in to many websites with "Sign in through Steam". But I didn't give any websites my login. I don't even remember my steam password. I use my password manager, and it only fills the login fields when the URLs match the ones in the database (steam login pages). And that has been my setup for many years. I don't use any strangers computers.
It's possible the hijacker got that token years ago and waited all that time. But I see no reason for that, that wallet had money for years and it only decreased.

The hijacking happened like 8 hours after that malware incident. And since you seem curious. I was fresh installing windows on my laptop after running Linux for a while. I thought the install had nothing important nor personal, so for no reason at all I wanted to check a program I was quite sure is malware but wanted to make sure. Like if it was or wasn't, I would just format and reinstall windows. Why not run it on a virtual machine? Stupid impulsivity. Anyway, turns out I signed into steam while setting things up and totally forgot. And turns out that program I wanted to try is some awful malware. I didn't think much of it, till hours later I notice the community market receipt in my email. I formatted windows right after I installed that malware by the way. I received the receipt long after I formatted the drivers in my laptop, so it wasn't a remote access type of attack.

I know that this is my fault. Iam just asking, how do I report this? Steam surely can find the account that benefit from my account buying those market items at super inflated prices, or at least let me cancel the reports filed using my account. And I thought steam logged us out if we changed locations, am I wrong?

Me too. I just opened my account after several days of being inactive, my money in my steam wallet is all gone. Someone using my account bought stupid things in the community market. It may not be much but it could afford Palsworld. I'm broke and sad.

"I log in to many websites with "Sign in through Steam". But I didn't give any websites my login"

Read that line over and over again untill you realize what you just wrote... :-)

How you report your own stupidity?

Complain to your parents for having the audacity to not teach you about critical thinking skills perhaps?

Originally posted by 101lols:

...
I know that this is my fault. Iam just asking, how do I report this? Steam surely can find the account that benefit from my account buying those market items at super inflated prices, or at least let me cancel the reports filed using my account. And I thought steam logged us out if we changed locations, am I wrong?

If it's proven that it was used in a scam, the most they'll do is trade ban the account. But you won't get your wallet back.

Community market transactions are final.

Originally posted by Kurama:

Me too. I just opened my account after several days of being inactive, my money in my steam wallet is all gone. Someone using my account bought stupid things in the community market. It may not be much but it could afford Palsworld. I'm broke and sad.

Secure your account:

1. Scan for malware.
https://www.malwarebytes.com/

2. Check that the email and phone number on the Steam account are still yours.

3. Deauthorize all other devices.
https://steamhost.cn/twofactor/manage

4. Change passwords from a clean computer.

5. Generate new backup codes for your Mobile App. https://steamhost.cn/twofactor/manage

6. Revoke the API key (there should be no key).
https://steamhost.cn/steamcommunity_com/dev/apikey

Originally posted by Thiesen:

"I log in to many websites with "Sign in through Steam". But I didn't give any websites my login"

Read that line over and over again untill you realize what you just wrote... :-)

How you report your own stupidity?

Complain to your parents for having the audacity to not teach you about critical thinking skills perhaps?

They were referring to the Open ID sign in. which is safe.

Originally posted by Maria:

Originally posted by 101lols:

...
I know that this is my fault. Iam just asking, how do I report this? Steam surely can find the account that benefit from my account buying those market items at super inflated prices, or at least let me cancel the reports filed using my account. And I thought steam logged us out if we changed locations, am I wrong?

If it's proven that it was used in a scam, the most they'll do is trade ban the account. But you won't get your wallet back.

Community market transactions are final.

Originally posted by Kurama:

Me too. I just opened my account after several days of being inactive, my money in my steam wallet is all gone. Someone using my account bought stupid things in the community market. It may not be much but it could afford Palsworld. I'm broke and sad.

Secure your account:

1. Scan for malware.
https://www.malwarebytes.com/

2. Check that the email and phone number on the Steam account are still yours.

3. Deauthorize all other devices.
https://steamhost.cn/twofactor/manage

4. Change passwords from a clean computer.

5. Generate new backup codes for your Mobile App. https://steamhost.cn/twofactor/manage

6. Revoke the API key (there should be no key).
https://steamhost.cn/steamcommunity_com/dev/apikey

Originally posted by Thiesen:

"I log in to many websites with "Sign in through Steam". But I didn't give any websites my login"

Read that line over and over again untill you realize what you just wrote... :-)

How you report your own stupidity?

Complain to your parents for having the audacity to not teach you about critical thinking skills perhaps?

They were referring to the Open ID sign in. which is safe.

thanks for the advice. I'm going through my settings and found out that someone opened my account from another country.

I wasn't notified about it. It is even seriously concerning because it said I authorized the device from my steam guard mobile Authenticator. like how? Its super miles away from me. I'm getting anxiety with using my steam now.

Originally posted by Kurama:

Originally posted by Maria:

If it's proven that it was used in a scam, the most they'll do is trade ban the account. But you won't get your wallet back.

Community market transactions are final.


Secure your account:

1. Scan for malware.
https://www.malwarebytes.com/

2. Check that the email and phone number on the Steam account are still yours.

3. Deauthorize all other devices.
https://steamhost.cn/twofactor/manage

4. Change passwords from a clean computer.

5. Generate new backup codes for your Mobile App. https://steamhost.cn/twofactor/manage

6. Revoke the API key (there should be no key).
https://steamhost.cn/steamcommunity_com/dev/apikey


They were referring to the Open ID sign in. which is safe.

thanks for the advice. I'm going through my settings and found out that someone opened my account from another country.

I wasn't notified about it. It is even seriously concerning because it said I authorized the device from my steam guard mobile Authenticator. like how? Its super miles away from me. I'm getting anxiety with using my steam now.

Because you were phished on your computer. They grabbed the session token from that 30 second 2fa code, along with your login info. that is the only way. with all 3 parts of the key, they could use that at any time to log in as you, since they had the 2fa session token code, steam thinks it is you.

The only way to get all 3 parts of the key is from your computer, you were phished.