So recently - like a few days ago - my STEAM account got hacked. I believe I know how and have since secured it.
Apparently a friend of mine had their account hacked and had sent out a link saying they got some gift card from STEAM. Using my mobile I wasn’t able to fully view the details in the URL, but because it’s someone I know personally and trusted I opened the link. Came to a STEAM page that required sign in - a bit odd but it did have the authenticator (STEAM Guard) code stuff and all that so I went along. This was done while I was at work - I should have been more diligent.
Got locked out of my account and LITERALLY JUST GOT BACK ACCESS. Reinstalled stuff on my PC and realized my STEAM password didn’t work. Went through and realized it may have been some Russians. Please be careful with links you get - they’re using all kinds of methods to get into your stuff now.
The problem here? I’ve lost ALL of my contacts. Going take time to get back everyone - so if you had me in your list before - please add me back.
Again - be careful.
Found this thread in their community.
Which takes you to this.
You need to log in to see the recent history. As I said - some people from Russia.
So around the 17th they used the link sent out from the compromised account of my friend. Then I logged in thereafter and then they got back and changed my stuff. I’ve raised a ticket with STEAM and will hopefully block them.
Once more. Be careful.
I have to give props to the phishing method though. It involved the use of the STEAM Guard code and then cutting off the user once they got logged in. It’s elaborate and well done.
What I need to find out - which I’ve already asked STEAM support - is what data was accessed and such.
Accessing from desktop would have shown some more info. I checked my browser history on my phone - all of the links from “https://steamcommumutiy.com/” - which has two letters out of place. Well - wrong spelling overall. So it was missed because I was driving.
The site is no longer up - seems to have been taken down. Either by reports made or because they’ve gotten into enough accounts.
There may be others like that in future - so please be careful.
Items in my inventory were transferred out to other accounts. I found the accounts that my items were sent to - and I raised the concern with STEAM. They pointed me to these.
Apparently there’s no recourse for items sent from your account because account security is the responsibility of the end user.
They also said “In addition, we are unable to recover any friends or Community groups that have been lost or deleted.”
I have quite a lot of items lost now. I’ll be making a note of it and seeing how things go.