This situation is really bad!!
This situation is really bad!!
So, last night...
around midnight Pacific, I was contemplating...
"Wow, sleep isn't working, I'll jump into Black Desert Online."
Seeing a new message on Steam caught my eye—it came from an old friend.
I opened it and noticed the link was from a site claiming: "New accounts get 1 free gift game, click here: Gift-Key.com."
I went through the page for a bit, found it seemed like a Steam-themed G2A, and with the "Login via Steam" option, I decided to sign up.
After logging in, I was logged out of my PC client, phone app, and after checking my email, I found two really strange things...
I didn’t even open them—the subject lines were all suspicious...
Steam Mobile Authenticator was deleted!
My phone number was also removed!
HOW DID THAT HAPPEN?
I had no idea you didn’t need the phone or the authenticator to make it disappear...
It was done in under a minute at 12:35.
Spoiler
Like the 12:37 post, I logged into my Steam Server on my PC just to check if I was online...
I wasn’t online, but I must have been invisible—I was still sending links to the site by the hijacker.
Spoiler
As seen in the 12:37 entry, I tried logging into my Steam account on my PC to see if I could appear online...
I wasn’t online, yet I felt invisible, because I was still forwarding links to that site.
Spoiler
From the search results, it became clear my account was sharing the link, just like when I first got it—only now the URL changed... and I haven’t clicked it yet.
I found a way to lock my account after searching online. It wasn’t very clear how, almost as if they wanted to confirm I hadn’t forgotten my password. But I didn’t take a screenshot of the email.
The change was noticeable: the name now had two decimal points before @gmail.com and started with an 'i' instead of a 'K'.
Fortunately, my email remains secure. This whole process happened through Steam’s secure login system—though insecure.
It was in that email I learned it was another Russian hacker targeting my Steam account. This was the first time my account had been compromised from here.
So far, three times my Steam account has been hacked.
Spoiler
After locking it and submitting the recovery request, I woke up this morning to find out—I’d been recovered!
Spoiler
I had a few worries...
First, I had serious doubts about how Steam Guard was disabled and how my phone was removed without any confirmation from either side.
Second, I wondered if an investigation would follow.
And notice how there’s now a fun yellow notification?
Spoiler
Yes, the hijacker launched PUBG from my account using an illegal program and ended up banning me.
To be honest, I’m not too worried about being banned from PUBG—it’s just a game with little entertainment value for me, and it brings back painful memories about someone else.
Plus, I’ve already tried returning it months ago, but the time limit had passed, and I only have about four hours of playtime left.
Still, I’m not too concerned about being banned from PUBG. The game doesn’t hold much emotional weight for me, and it reminds me of a negative experience with someone else.
Moreover, I’ve already attempted to reverse the ban, but it’s too late, and my account has only a few hours left.
But I’m frustrated because I feel like I’m being punished just for being a victim.
This seems ridiculous. Regardless, I’ll file a complaint, explaining everything and attaching screenshots as I have now.
I’m really tired and haven’t slept much. I need to go to work in a few hours for the late shift delivering pizza.
That’s about it for my story.
I’m still shocked that the phone and guard were removed so easily.
Just using this as a warning to other players: don’t click random links. But it was from a friend, the site looked legitimate, Steam offered a login option, and there was no protest from Steam about going to the site.
I wasn’t expecting what happened. Less importantly, I’m not being held accountable for it—it’s never happened before, and it happened so easily that I’m still amazed at how insecure Steam is.
Lol, you really didn't see it coming when you ended up on a sketchy site that claims too much?
The initial error, the subsequent one, and the final mistake are all clear. The warning should have been instantly apparent, given the compromised state of your friends account. Everyone on your friends list likely received a similar message from you.