Steam compromises are high-impact because attackers can liquidate inventory, place fraudulent listings, and target your friends list.
Recovery should run in parallel tracks: regain control of sign-in and halt market or trade abuse before additional loss occurs.
Contain account and inventory
- Secure the email account tied to Steam (new password, 2FA, review recent sign-ins, and check forwarding rules).
- If you can still sign in, change your Steam password and deauthorize other devices.
- Check recent trades, active trade offers, and market listings for unauthorized activity.
- Review Steam Guard and phone number settings for changes you did not make.
- Remove any unfamiliar web API key or third-party access that could control trades.
- If you cannot sign in, use Steam Support’s official recovery flow and provide strong ownership proof.
| What you notice | What it often means | Priority action |
|---|---|---|
| Steam Guard emails you did not request | Someone has your password or is trying it | Secure email, change Steam password, enable Steam Guard |
| Items disappear or trades/listings appear | An attacker has session access and is liquidating inventory | Deauthorize devices, revoke trade access, contact Steam Support |
| You cannot sign in and email seems changed | Account details were modified to lock you out | Recover email if possible, then use the official stolen account flow |
Key idea: Steam recovery depends on email. If your email is compromised, recovery loops and inventory loss continues.
Step 1: Secure the email account used for Steam
Steam recovery is built around email. From a trusted device:
- Change your email password and enable 2FA.
- Review recent sign-ins and sign out of unknown sessions.
- Check forwarding and mailbox rules that could hide Steam alerts.
Related: Common password mistakes.
Step 2: If you can still sign in to Steam
Change your Steam password
Use a unique password. If you reused it on other sites, change those accounts too. Password reuse is one of the most common causes of repeat compromises.
Deauthorize other devices and sessions
Attackers often keep access through an existing session. Deauthorizing devices cuts off unknown logins that are still active in browsers or on another machine.
Contain inventory loss
Attackers target inventory because it can be monetized quickly. Review:
- Recent trade history and active trade offers.
- Market listings you did not create.
- Profile changes that could be used to impersonate you.
Do not: Accept trades or click links sent by “friends” during an incident. Friend accounts are often compromised next, and attackers use social trust to escalate.
Protect your friends and your reputation
Attackers commonly use a compromised Steam account to message friends with scam links. That creates secondary victims and makes recovery harder. After you regain access:
- Tell friends to ignore links from your account during the incident window.
- Check your recent chat history for messages you did not send.
- If you belong to communities or servers, warn moderators if impersonation is ongoing.
Remove trade automation and third-party access you do not trust
Some users have trading bots, marketplace logins, or web API features enabled. If you do not recognize what is enabled, remove it and re-enable only what you truly need after recovery. Fewer integrations means fewer ways back in.
Re-enable and harden Steam Guard
Steam Guard is one of the strongest defenses against repeat takeovers. If it was disabled or changed, re-enable it and ensure the authenticator is tied to your device.
Step 3: If you cannot sign in to Steam
Use the official Steam Support flow. Avoid third-party “recovery services” and random sites claiming they can unlock your account.
- Start from help.steampowered.com and choose the account access option that matches your situation.
- Provide ownership proof only through Steam’s official forms.
Safety note: Steam Support will not ask for your password, and they will not handle recovery in an unofficial chat or Discord DM.
What ownership proof usually looks like
Ownership proof varies by region and account history, but it often includes purchase history and payment details tied to the account (share only what the official flow requests). If you still control the original email inbox, that is often one of your strongest signals.
Step 4: Identify the entry point so you can stop the repeat compromise
Steam incidents often start as scams, not technical hacks. Prevention depends on the entry point.
- Phishing: you signed in on a lookalike page (often free skins, tournaments, or a fake appeal).
- Malware: you installed unknown software, cracked tools, or a cheat that stole passwords and sessions.
- Credential stuffing: you reused a leaked password and attackers simply tried it.
Decision rule: treat PC compromise differently
If you see compromise on multiple accounts, or you keep getting re-compromised after password changes, treat the PC as compromised until proven otherwise. Changing passwords on an infected machine can leak the new credentials immediately.
Step 5: Clean the device and reset your baseline
If you recovered your account on a compromised PC, you are still at risk. After recovery:
- Update your operating system and browser.
- Remove unknown browser extensions and revoke saved passwords you do not trust.
- Run a reputable malware scan. If you have strong indicators of a password stealer, a full reinstall is often safer than attempting cleanup.
- Enable 2FA for the email account used for Steam and any payment accounts tied to purchases.
If multiple accounts show signs of takeover, use: Been hacked? What to do first.
Scope check: How to check if you’ve been hacked.
Prevention baseline: How to protect your online information.
Common questions
Can I get my items back?
Support outcomes vary and can be time-sensitive. Your best move is to document the timeline (trade history, listings, screenshots) and contact Steam Support quickly through the official channel.
Should I pay someone who claims they can recover it?
No. Recovery should go through official Steam Support. Paying “helpers” creates additional risk and often leads to more fraud.
When is it safe to trade again?
Trade again only after you have secured email, changed the Steam password, deauthorized devices, re-enabled Steam Guard, and cleaned the device used to sign in. If you skip device cleanup, attackers can return through the same session theft path.
Steam recovery is about speed and containment. The short-term goal is to cut off sessions and stop inventory loss. The long-term goal is to fix the path that enabled the takeover, usually a weak reset channel (email), password reuse, or a compromised device.
Once those are hardened, your account becomes far less useful to attackers. They prefer accounts they can retake repeatedly, not accounts that force them through strong 2FA and clean devices.
A stable end state looks boring: Steam Guard is enabled, the email inbox is clean, third-party trading access is minimal, and your PC is updated. That boredom is what keeps the next incident from happening.