A significant security issue exists in Steam. This topic is discussed by LTT and Veritasium.
A significant security issue exists in Steam. This topic is discussed by LTT and Veritasium.
It was quite a tricky job they had with tricking your SIM card.
Steam remains the top choice for two-factor authentication for many years.
I removed my phone number from my account, and the Steam app also vanished along with it. I had to purchase a new SIM card to get the Steam app working again.
If you think it was a swap during a swim, reach out to your phone service provider and inquire about recent account updates. Also, check your devices for any malware, particularly since other accounts were also affected. Have you received any unusual files or clicked on questionable links? Were you using Steam Guard (Steam’s mobile authentication app)? It’s likely the phone number is only used for password resets, not for 2FA during account access or marketplace transactions. If you didn’t have Steam Guard active, attackers could have logged in with just your email and password, bypassing any second factor. Marketplace payments should be paused for 15 days without Steam Guard enabled. With it off, transfers would be blocked for 7 days. If they managed to change your Steam Guard settings, those transfers would have been held for 7 days. It’s possible malware was used to steal your login details, including the token that activates Steam Guard, allowing access to your account. However, marketplace trades would still require approval via the Steam app or a 15-day hold, so it’s unclear how they’d proceed without app access.
I'm also feeling uncertain, but I'm currently checking for malware. What made me think it was a SIM spoofing attack was that my Telegram was hacked, and nothing else showed any signs of activity. At the time, my Telegram was unsecured—just my phone needed to access it. I've since protected it. I've gone through my entire email inbox just to confirm, and aside from the theft, there were no notifications or anything unusual, which is really strange... What could possibly be happening? Could it be a specific malware targeting two apps? I haven't clicked any suspicious links, and I only use a few websites. Plus, I was asleep when it happened, so I couldn't stop it. After checking Steam support, I can't get a refund for the fraudulent transactions, so I had to try another approach—probably scan my PC with Malwarebytes or something similar?
I focus more on your smartphone than your SIM card or PC. On Steam: - You can purchase and trade directly from the Steam app on your phone, you’ll receive a confirmation prompt on the same device... All in one place. Telegram: - If the hacker has your phone number... When they attempt to log in from a different device, Telegram sends a verification code that matches the authorized phone (your own). From what I see, it’s much more likely your phone is affected... Any roommates with tech skills?
I didn’t have any roommates and verified the device using Play Protect and Malwarebytes. No issues detected.
I've received the only reply from support, but it arrived very late and is completely unsatisfactory. What is the expected wait time for a 24-hour period if I need to recover the stolen funds? After this message, I haven't heard anything at all. Plus, it came in at 3:30 AM when I was asleep.
I understand the point in a similar way to Steam. They can't refund your money directly—those transactions are usually private sales. There seems to be a theft involved, but it’s more about the risk of loss than a clear case. The company would likely share any available information with authorities, possibly identifying the IP addresses, which could help track down the offenders. Steam probably knows the suspects’ IPs and can assist in investigations through police or legal channels. In short, unless you put significant effort into recovering it, the money is likely gone.
they keep the funds locked up for a minimum of 24 hours before the transaction goes through, apparently to avoid this exact scenario. Yet somehow I was denied access even though I submitted my complaint within that timeframe. Now the support team is still refusing me after more than 20 hours! What kind of customer service is this?!