contacting steam support and providing proof of past purchases.
Comment has been collapsed.
I think it takes something around 1 day, but main thing is to calm down, you have prove of your purchase and steam support is there to help you, this already happened to my friend, and he had his account back in 1-2 days, with everything, nothing lost, so just calm down and wait, there is nothin you can do now...
Comment has been collapsed.
ONE SIMPLE RULE:
- log in ONLY on main Steam page = https://store.steampowered.com
- if any other page asks for your Steam credentials when you're logged in on Steam main page = it's a fake!
Comment has been collapsed.
I use a password manager (KeePass) and I keep it 100% separated from the browser. Auto-filling has actually been exploited to steal passwords from a password manager in the past, so for an alert user (one who checks the URL manually, or better yet, who either types it or relies on bookmarks), a password manager that auto-fills based on URL is an added risk, not an added security.
Comment has been collapsed.
I go with the convenience instead and for sites that are "high security" like banks, email, any account where my credit card is added, I disable autofill in the settings, and/or enable that I have to re-enter my master password before it autofills.
While this is a little extra work in some ways it retains the convenience of being able to use unique passwords on every little forum and site without having to toggle between programs to enter passwords.
Comment has been collapsed.
When my friend's account has been stolen, it took a week to get it back. But she's from Eastern Europe, so maybe it depends on your location.
Comment has been collapsed.
Use this to help you. https://support.steampowered.com/kb_article.php?ref=2347-QDFN-4366
Comment has been collapsed.
Having the same issue here mate. may we be saved soon.
Comment has been collapsed.
for me, a friend of mine on steam had his account hacked and posted a malicious site in steam chat which i stupidly used.
Comment has been collapsed.
the same. I am pissed on myself as hell since I am usually smarter than that ...
Comment has been collapsed.
it wasn't a guy with a profile picture of the nerd from the office was it?
Comment has been collapsed.
You guys... I'm sad to say it looks like we're all in the same shit.
Comment has been collapsed.
Yeah, same person. I guess that means they've been dumb enough to go for it too... even though they have tons of games, what the hell...
Comment has been collapsed.
Yeah ... I will just remove all people I don't know personally from now on. It is not worth the experience.
Comment has been collapsed.
Same goes for me. Was literally thinking about it for days now. And to think I've personally given them codes for games too...
Comment has been collapsed.
im asking coz i see 3 threads for hacked accounts !
Comment has been collapsed.
Just afraid they're gonna deactivate my keys and stuff. I also have a lot of money in trading cards too and about 30 dollars in steam wallet.
Comment has been collapsed.
they can use that money wallet for sure but i doubt without steam autenticator they can trade anything!
Comment has been collapsed.
I have clicked everything on the help page and it seems I have locked my account.
Well, stupidity is expensive and I can only blame myself ... and Breadman.
Comment has been collapsed.
it force logged me out of the authenticator too so idk if they can unlink it
Comment has been collapsed.
Check your email, you will have "Steam Guard Mobile Authenticator removed" as well as "A phone was removed from your Steam account
"
Comment has been collapsed.
The same thing - about 43 euro in wallet, about 190 cards and some other stuff
Comment has been collapsed.
Just calm down, okay? Thats main thing now and also, you know, that there is the 14-day ban on every trade without steam authenticator enabled? So i think that they cant do much damage, i guess that they rely on people that wont/cant report it.
Comment has been collapsed.
Be honest - would you be calm? I know you mean well, but bloody hell this is not a good day
Comment has been collapsed.
Not a good time, not a good day... there's never a good moment for something like this... fuck.
Comment has been collapsed.
I was in similiar situation myself, but okay here are the facts:
1) They cant trade anything, there is the 14-day ban on every trade without steam authenticator
2) Also you cant really delete any game from your account, on the support page there is always the restore button
If i can answer any other questions, just write me..
Comment has been collapsed.
Did you get your wallet credit back? This has never happened to me, but I'm curious.
Comment has been collapsed.
Thank you. That atleast make me a bit less nervous ... I have send steam support like 10 screenshots so I hope it will work out.
Comment has been collapsed.
If they unlinked the phone from my account would they be able to make purchases using my steam wallet without any other authentication? Also any idea how long steam support takes to reply to these things?
Comment has been collapsed.
I wont lie, i dont know about the steam wallet, because i use Paysafecard, so i dont have any money in my wallet. But till its in steam, i believe that steam support will help you, they cant let their reputation get damaged now, when there is the battle against EG Store and other game stores.
Comment has been collapsed.
True. Honestly the steam wallet wasn't really cash anyway. Most of it was from a single trading card I sold to some guy in japan for 26 dollars. So oh well. Glad to hear about the trade ban at least, hope it doesn't take past that time for us to get our accounts back. I recently added a list of games and their corresponding keys in a reply to the support request I submitted. Any idea what else I can do to help them speed the process along?
Comment has been collapsed.
Probably not, i think that you did everything you could. Now its their turn, but it can take longer now, when there are multiple "attacks" at once, so now, just wait and try to relax, listen to some music, etc..
But if you really want to do something to help, you can probably write other gamers/friends or users on social sites about this, so there wont be more victims and yours will be processed faster. a
Comment has been collapsed.
sorry but the OP said they change email and password, so why couldn't they activate a new authenticator?
Comment has been collapsed.
1 free game for new users!
take the game you want!
....://spindatgamex.com
Your account sent me that
Comment has been collapsed.
But why tho? How can others be warned if you don't tell'em what not to click?
Comment has been collapsed.
some people might not understand/read english, but clicking every link^^
dont know if posting a link will reduce the count of victims or increase it...
Comment has been collapsed.
There are people out there that stupid? Just clicking any link I mean.
You're certainly right, didn't think about DAUs.
Comment has been collapsed.
Do also note that accidents happen, especially with misclicks, and all the moreso in the context of websites, given the variation in interfaces used to access basic internet sites. Accidents of that sort can happen with just a single moment of carelessness or distraction, so it's not something that requires and sort of special circumstance.
That said, I'm prone to misclicks myself, given that I still have the occasional muscle tremor or spasm, so.. consideration for those with special circumstances would be appreciated nonetheless.
Comment has been collapsed.
Well, it's reasonable and useful so long as the link is stripped. The OP on the other hand, has a direct link to the site, which is an issue. Direct linking to a site like that is both in violation of SG's rules and in violation of basic internet courtesies.
Comment has been collapsed.
So they are using it. Jesus. At least I put warnings on my steamtrades pages already. I hope you didn't click it like I stupidly did. Like the guy above me said def censor that link so others don't get sucked into it.
Comment has been collapsed.
I looked at the site.
Didn't bother logging in since it was a BS log in page, obviously so, to be honest.
Comment has been collapsed.
happened to me few years ago make steam ticket than they will ask for proof just show them the screen shot of your purchase and steam keys that u activated and they will retrieve your account.Remember they always take time to reply in my case they took 2 weeks to retrieve my account.
Comment has been collapsed.
God I hope we don't have to wait that long. I will seriously lose it here XD
Comment has been collapsed.
you should remove this as it is "calling out". He didn't do more wrong than you.
Good luck with your account :)
Comment has been collapsed.
he did not, but I will risk a temporally suspension here if it saves at least one account. The same goes for my account as I was informed that my account is also sending false messages right now.
I will remove it as soon as our accounts are restored :)
Comment has been collapsed.
It's kinda borderline, since it's not actually stating or implying anything negative about the users in question [which makes it safe] but it is potentially damaging innocent users via unconfirmed accusation [which makes it prohibited].
Though if the users in question already all made comment to the fact that they were compromised (in any location that can be referenced via link), then it'd be safe, as it'd avoid the latter element. There's nothing wrong with making a PSA to protect users, so long as no negative implications toward the users or unfounded assumptions are made.
A more iffy situation would be if the users directly gave Ascate permission to post their names, as that's something that should be acceptable, but is still unsupported by any sort of confirming evidence. The best approach there likely would be to permit it, but to impose a heavy suspension if the user is found to have been misrepresenting the matter; Staff may, however, have a different take on the matter.
(Disclaimer: At least, that's how it'd follow based both on previous interpretations on the calling out rule and off intuitive consideration, but I don't recall this having been given word-of-god by staff before and I myself am not staff, so take it as an educated assertion rather than confident statement of fact.)
Comment has been collapsed.
Of course there is nothing wrong with warning users but the PSA should be: don't shut down your brain if you read "free game" and never login somewhere else than on steamcommunity.com
I have two steam friends who fall for this too, should I write their profiles here too? I don't see why this would help 🤷 you shouldn't log in on a page someone send you regardless if the link comes from Sooth, Moony1986 or Gabe Newell himself 😉
Comment has been collapsed.
You brought up site rules. not pros and cons. I addressed site rules. :P
As far as constructive benefits go, Steam Chat does have a chat block function for individual users, so the information is potentially useful, as it lets you quickly address the users in question before any risk occurs. I've already had to bring this up today, but a misclick is a thing that easily happens.
Likewise, while you should always check grammar and content to confirm the nature of a link before progressing anywhere with it, there's absolutely no reason to inherently suspect links from friends, assuming there are no concerning elements as part of the presentation. I mean, I've a pretty tight network of contacts who regluarly toss around promotion, news, meme, or other links, it's not remotely unusual to encounter for those of us who use Steam chat as a medium for social interaction or information sharing.
I don't know anything about the specifics of the page but, yes, if it requires the provision of any kind of information, then anyone who isn't completely inexperienced with personal security should intuitively feel compelled to research the site beforehand. I got the impression that just clicking on the link was enough to cause an issue, though.
Anyway, again, I was discussing site rules, to match to the topic you brought up. Your considerations of the merits of such actions is separate from whether the site permits the matter or not. As far as whether you should reference your friends or not, I've already detailed the site rules on the matter to the best of my ability, and I've no real sentiments on the matter. As such, I can't help you decide whether or not that's something you desire to do, but I've given you the resources to make a proper determination on the matter. ^.^
Comment has been collapsed.
its not only about accepting request u used some links that he gave u or something like that no one can hack your account only by adding you as friend.
Comment has been collapsed.
I have reported your steam account as stolen from the rightful owner. Steam says you still need to report it. (as you already have). Just thought I"d put in a report about the stolen account from an account not connected to it.
I do have a question. How do they remove the steam authenticator without having access to it? Or did you put the number into the fake site when it asked? if this can be removed without knowing it. Thats rather worrisome.
From what I've read. Never put that number in any site. Go directly to steam. login and then reload the site in question. if its now just asking for the button click to confrm a steam connection then "your good". Iff its still asking for the login then 'its fake".
Comment has been collapsed.
I have put my autenticator into a side when it asked. The login pagged looked exactly the same as on Steamgifts and Steamtrades.
It was my own stupidity and I am aware of that sadly
Also thank you for the help. I really appreciate it.
Comment has been collapsed.
It should not be a problem to get back. i have have no idea what can happen in the meantime. Hopefully not to much. You can provide steam with keys that you have won here and activated. Only steam and you will know what those keys are. providing a key or two from before the hack will prove your the rightful owner.
I admit this scenario is rather scary. I have to much invested in my account to lose it. Good luck.
Comment has been collapsed.
The worst thing the hijacker can do is to get him vac banned but I don't think the scammers really care enough to do it.
Comment has been collapsed.
Damn. This is happening all too often these days. I got lucky a couple of months ago. Steam was fast. Only lost the account for about 36 hours. Helped that I was able to provide an HB game key that I activated the day before.
Comment has been collapsed.
Did it just happen man? how'd you lose your account? Or are you the hacker? That emoji makes me question your authenticity.
Comment has been collapsed.
same as us then. did someone post it to you or just surfing online?
Comment has been collapsed.
i know man it sucks, i was going to buy a lot of games today and now i have to sit on my hands and wait for steam support to fix it :(
Comment has been collapsed.
it might not be funny but guess what? if your account get stolen, your friends might get the same link...
so if you blame him, blame your self as well ;)
Comment has been collapsed.
I have done everything that I could to prevent that including a message from my IRL friend on my profile and sending a message to everyone I had on steamtrades ... I literally can't do more about it right now
Comment has been collapsed.
its nice of you to try to protect as many as possible. would be interesting how many accounts are falling for this scam... if people with many friends are getting occupied, the damage might get huge
Comment has been collapsed.
That's why I say - never enter your credentials on the site where you got by a link. any link. Site wants you to login with steam? Fine. But when you click on that login button "steam" asks you to enter credentials? NO WAY. Open new window, type in "steamcommunity.com" (or have it bookmarked), and if you are really not logged in there - it's safe to login and return to the site that wanted you to login with steam account. But if you are already logged in - you know someone wanted to scam you. It's a good approach not only for steam, but for every site that can be used to login to other sites (openid provider) - like facebook, twitter, etc.
Comment has been collapsed.
ppl nowadays rely so much on "protection" like firewall, antivirius, Steam-Auth. etc, when the real safety risk sitting in front of the computer.
Comment has been collapsed.
I thought that was just getting out of bed every day.
Comment has been collapsed.
Even better, simply log in in your new safe window, then refresh the possible scam. No need to take any risks!
Comment has been collapsed.
Some assholes are sending me links to that scam site.
Beware.
The login with steam page is obviously BS.
Comment has been collapsed.
its not that hard. dont accept any friend request from strangers and dont click on links from anyone and especially dont login. that is the 101 of not getting "hacked". you cant really call it hacking if the victim gives his data as presents.
Comment has been collapsed.
Same bullshit. Probably i can say Bye to all my invemtory things and money. Just shit.
Comment has been collapsed.
Another one? Well, this is spreading fast.
Now I want a link, too :( Sorry, not funny...
Comment has been collapsed.
I'm just stupid. Entering authentificator code to shady-site was a foolish idea, even if friend have sent it. And this happens right after selling some valuable things. FUU. Hope steam-support works good and I won't lose my account at least.
Comment has been collapsed.
You will get it back in the end, don't worry, it's just a matter of hours. ;)
Comment has been collapsed.
Oh, ok then. Thanks for answer. This whole situation is a bit new for me. I never was hacked and I can call it stress for some kind. To many games on account, to many on SG for this account.
Comment has been collapsed.
I feel you and would react the same way. Everyone would freak out when their precious Steam account has been hijacked.
Be sure to have some recently activated Steam keys at hand to prove your ownership to support. Just try to be calm and patient, it will be fine in the end and you've learnt a lesson. ;)
Comment has been collapsed.
At first I've added my recent activated key to my support-ticket. There was only one blank-space,so only one key
Comment has been collapsed.
I just put "FAST" in there as I panicked :D but I have put screenshot of about 5 keys from HB that were activated on my account recently
Comment has been collapsed.
I've just wrote "i can add hundreds of activated keys of my account" in addition to key. Posting screenshots looked time-spending for me if my message cause account-lock.
Comment has been collapsed.
you sure its hours? i get the feeling that with this many of us it will be days or even weeks :(
Comment has been collapsed.
google says the average support response from steam is 3-15 hours. Since it is weekend we should count with more
Comment has been collapsed.
Well, good luck to you, friend.
Comment has been collapsed.
If you had steam wallet and the hijacker uses it, don't worry steam support will get you the money back but they do it just once. If you'll get your account hijacked again in the future, they won't do it again.
Comment has been collapsed.
Yea it happened to me too a few years back when steam autenhtificator wasn't even implemented yet. The thing that bugged me most is that the hijacker will probably still make use of your money because when steam gives you your money back they don't remove it from the hijacker's account, they just duplicate it. So we practically gave them free money.
Comment has been collapsed.
Ascate:
1 free game for new users!
take the game you want!
.....................................................
thats the message i got from "you" . DONT CLICK ON THE LINK !!!!!!
Comment has been collapsed.
To people who had their account stolen like me, you may have received an email that your mobile authenticator was removed using an sms code that was sent to your phone. Obviously you didn't receive it. I'm not sure if I can guarantee that they didn't intercept that sms somehow but based on my mobile account the text message never occurred. I'm not sure if it didn't appear in my text history because it was intercepted or because there was no text. Can anyone with more knowledge than me verify whether or not our phone numbers are safe?
Comment has been collapsed.
I feel for you guys, the login page is very convincing and I probably wouldn't have noticed any difference if I wasn't looking for one.
Looking at that site itself though...you always gotta remember the golden rule: "If it sounds too good to be true, it probably is"
Comment has been collapsed.
You are right ... I was simply not expecting it and it caught me off guard
Comment has been collapsed.
The site that steals accounts:
spindatgamex [dot] com (redacted)
Damn, I'm curious about how they manage to make their phishing URL appear as "about:blank"...
On a side note, I wonder what else they're running (a coin minier or something?) on their main site, as it uses a full CPU core
Comment has been collapsed.
The site uses JavaScript to open a new window without specifying an actual URL, hence the location bar shows "about:blank." The actual phishing page is then loaded by writing HTML into the new window to render an IFRAME with the phishing page.
Comment has been collapsed.
Lost mine too ... sent ticket ... the only good thing that I don`t have debit card info on account.
Comment has been collapsed.
Someone's making monies out there.
Comment has been collapsed.
The site uses Cloudflare, so you can submit an abuse report here: https://www.cloudflare.com/abuse/form
Comment has been collapsed.
Also be carefully from traders.For example rocket league guys selling a lot of expansive items for really cheap and send u link to log in and +rep them when u went on that link its exact same steam just u need to log in.I allmost fall on that but page said its not safe should go back and few days later saw youtuber did that and they hacked his account he lose everything...
Comment has been collapsed.
Hoping you guys get your accounts back, and just throwing this out there...
Comment has been collapsed.
Don't login when you don't see the green lock for httpS and after that the steamadress.
All other are faked sites and when you give them your login and password it isn't hard to make bullshit with your account.
Half of the people from my friendlist that done it have loosed there inventory stuff. The other half still have it. All got there accounts back, mostly after a few hours, in the worst case after 2 days.
I wish you luck with the inventory
EDIT: As a sidenote, you are Nr. 8 from my friendlist that have a hijacked account.
EDIt 2: Report the site at: https://www.cloudflare.com/abuse/form and at abuse@reg.ru ( https://i.imgur.com/azktdOS.png thanks ScourgeTM)
Comment has been collapsed.
Green lock by itself is useless. It only protects from MITM attacks. Anyone can get a green lock for free.
It needs a green lock and "Valve Corp [US]" beside it.
Comment has been collapsed.
From my text it was clear that you need BOTH because i used the word "AND"
Comment has been collapsed.
You said green lock and steamadress (which I assume would be just the URL), not the organisation that the certificate is signed for. There is still possibility of domain fakery with similar looking ones and Unicode lookalikes.
Comment has been collapsed.
Green Lock for the Valve Corp (when you hover over the lock you get the exact info) AND the right adress.
But in this case all were ok when the people not give there logins and passwords to a random site that haven't the steam adress.
Its so annoying to get each hour that scam links sended from steam friends.
4 were hijacked alone yesterday ... and at my steam friendlist aren't the dumbest or unexperienced people That make it double shit
Comment has been collapsed.
Hey man, my friend had a similar problem some years ago.
What we did is that we used a CD key that he had activated a long time ago as a proof of ownership.
To be precise, he had Counter Strike 1.6 CD case with a key printed on it. He made a photo and submitted it to show that he has the case with the key that was used to redeem the game.
Additionally, I think that you can use your credit card as well. Not that you should take a photo of it or anything like that, but just tell them that, if you've made any purchases with a credit/debit card on Steam, you have it and you should be able to verify your ownership that way.
P.S. Haven't read through the replies, wanted to post ASAP so I apologize if someone already mentioned this.
Comment has been collapsed.
Please edit your post so that the site name no longer links to the site.
Unless your goal is to get people to click on it, but that would be bad.
Comment has been collapsed.
that would be bad.
Would you say that it would make you awfully mad?
Comment has been collapsed.
I make it a point never to adjudicate an incident unless unless I am calm..
Comment has been collapsed.
this guy is support from hjere? he got hihacked too https://steamcommunity.com/profiles/76561197985759517/
Comment has been collapsed.
Yes, he is one of our Mods. We've already locked his account, for now. Let's hope he's back, soon.
Comment has been collapsed.
My account has been stolen.
Email was changed as well as password and the steam autenticator removed.
What can I do fast?
The site that steals accounts:
spindatgamex
DO NOT LOGIN THERE
Don't accept any friend requests or links in messages from anyone who said their acc was stolen in here
our accounts have been hacked and all 3 of us without account were his common friends.
AND DO NOT CLICK LINKS FROM HIM UNLESS IT IS SOLVED (you can also check comments on his profile)
Comment has been collapsed.