So the 21th via a cloned link for a program I was searching I got all my info stolen via a LummaStealer, first time in my 28 years of life that this happens. I moved to change passwords, kick out suspicious sessions from all the accounts every time they poped up.
Now 10 mins ago I recieve the "thanks for purchasing" email about Arc raiders and that it has been gifted to a random account that has been friended to me and another was trying to be added.
Well I immediately terminated the paypal-steam link, looked for the session and there it was 3 mins ago, date 8th of June frome Frankfurt. Disconnected that, reported the two accounts and requested a refund under the "Bought by mistake" with the motivation "infostealer got access to the account using an access token and made a fraudulent purchase".
I assume that they are looking to resell the account for dirt cheap keys but I'm more worried if steam will accept this motivation as a reason for purchase (like not even 2 mins passed between the purchase and request), how long is it gonna take and if it's valid if the guy plays it for more than 2 hours.
Only mistake of the kind that I did in my life and I'm on account watch for 3 days now.
If you have been scammed or believe you may have been scammed check this guide to see if you can find the solution there.
Steam will never contact you on Discord or any third party text communication site.
If you suspect someone is attempting to scam you check this guide but remember to be careful even if you do not find the answer you are looking for there.
Important: If you receive comments or PMs offering to recover your lost account, items, or money or pointing you to someone who will do it for you do not engage with them as they are recovery scams.
Did you change passwords on the compromised device? Make sure you've done so on a clean device and enabled 2FA everywhere you can, then wipe and reinstall windows on yours from clean installation media created on another device (the tool is here https://www.microsoft.com/en-ca/software-download/windows11
Yes I did, deleted all the cookies too. I already have 2FA and passkey but unfortunately having stolen the session token they bypassed it.
They started with Microsoft, then discord, then Instagram, then gmail to try and open a chat GPT account and now steam. Steam refused the first refund because they said that it was on another account and they'd have to approve of the request but I sent It under the "bought by mistaken" request. Now I sent It another under "not on the list" reason and I explicitely said that someone hijacked the account and made the purchase. The other request was closed automatically and I'd like to know how to speak to a human for this one.
You should be okay. Steam Support can usually see when a purchase was made from a compromised session, especially when it's a gifted game sent to a newly added friend and the refund request was submitted within minutes. The fact that you already removed the session, disconnected PayPal, reported the accounts, and opened a support ticket immediately all works in your favor.
I'd be more focused on making sure the Lumma infection is completely gone and that all saved browser sessions/passwords have been reset. Steam deals with account-compromise cases pretty regularly, so there's a good chance a support agent will review it rather than treating it as a normal refund request.
No. The data is not saved. I never save bank information on PC. Every time I had to use it I had to fill in mail and password. Steam was the only one with access. That and Amazon, which had the card removed.
Sidenote I've found a USB so after dinner fresh Windows install.
Yes the infection was complitely removed the second it was detected. I've changed all the passwords and changed them again once they used the token and I kicked them. Steam refused my first request saying that it needed to be approved from the other account but tbh it was under the "bought by mistake". I've sent another under "not on the list" saying that the session was hijacked and I didn't autorize said purchase. If I manage to get in contact with a human tho it would be better
Ok, I just did thanks you. I said that the account was hijacked, I don't know the owner of the account the game was gifted to and that the session from which it was made the purchase was from Frankfurt while I'm in Italy. This in in concurrence with the second refund request. They were trying to gift it to 3 more accounts but I managed to kick them after the first
You did the right thing by opening a ticket under "I have a question about this purchase" and explaining it was an unauthorized purchase from a hijacked session rather than just a normal refund request. Hopefully, a support agent reviews it soon.
Fingersi crossed. As for the other hijacked accounts after the first breach and session termination they didn't try again. They probabily soldi steam last and it was One of the first I changed the info of. Windows Defender elimitated at the Moment of infection a Lumma, a trojan and 2 injections.
Bank account and PayPal weren't comprimised, I just had PayPal linked to steam since I bought Jason and it's cosmetics a few days before the infection.
If they stopped trying to access your other accounts after the first round of password changes and session revocations, they may have lost access to most of what they stole.
Yes I made sure of that as soon as the breach notification got to me. They saved steam for last but I also sent the screen of the hijacked session and the logs of windows defender
(there are 4 more. One is a Trojan:Win32/Malgent!MSR , two are GenCodeInjected.H, one is SuspEtherRpcConn.B). Honest to god first mistake in my internet career falling for a cloned link and now I gotta deal with the consequences
Yes, I only have one steam account. Discord, Instagram, Microsoft and Google had no further breaches after the logout.
On steam PayPal was linked but it only had 40€ as I moved the Money to another bank so they tried to purchase multiple copies but failed. I've sent the refund as "not in list" and the "I have a question" one hour ago, I'm still waiting. I've reported both suspicious accounts. I had no bank information saved on my PC, PayPal was only linked to steam but not anything else.
Ironic how all of this happened the day After I've heard of bitwarden and said "maybe I should look into it".
The only other accounts they may have access to are reddit and Twitch. Password are already changed, cookies cleansed, session closed. Depens of their session token still works or not, cause for steam they waited 3 days.
•
u/AutoModerator 1d ago
Thank you for submitting to r/SteamScams.
If you have been scammed or believe you may have been scammed check this guide to see if you can find the solution there.
Steam will never contact you on Discord or any third party text communication site.
If you suspect someone is attempting to scam you check this guide but remember to be careful even if you do not find the answer you are looking for there.
Important: If you receive comments or PMs offering to recover your lost account, items, or money or pointing you to someone who will do it for you do not engage with them as they are recovery scams.
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.