A kiosk transaction can supposedly be used as proof of ownership in gaining access to an account. I'd say report it to Steam and do not use the added funds.
Lol I'm not doing that. 2fa is how I permanently lost my Microsoft account, and is the only reason I'm on Steam instead of Xbox right now. Back in the old days, nobody knew my password. Now that they demand my phone number as well, some hacker is out there using my phone number which I can't reclaim since I don't have access to the hackers email, and my password doesn't even do anything anymore on sites that know my phone number or email address.
If we can't manually reclaim our numbers, then 2fa is actually zero factor authentication. Keep your old fashioned password, and don't create extra methods of bypassing it.
Crap like this is why I keep all my personal info VERY private, I rarely even give out my phone # because of stuff like this. Now unlike Microsoft, stream will work to get you back in, but you can never be too safe
I'm honestly like 99% sure it was a tech support employee who stole my number. First the system returned an error that said "this number does not exist" and I fought for around 8 months to get them to call me on that number. Then the error started telling me the number was already in use with another account. When I called back, they told me the account was not made in the last 8 months and that I can't remove my number unless I can access the email address that created the fraudulent account.
I have a whole fake identity set up so I never have to give anyone my personal info for any reason. My number got stolen because I entered it into a form on the Microsoft website. The corpos cannot be trusted with our data. Steam doesn't need my phone number.
Did you know your number is - hold onto your pants now - a very guessable string? In fact, probably like 20 people before you have owned it too. It is likely not a fraudulent account, but someone simply having forgotten the number on it post-change, or worse.
No, corpo can't be trusted, but I promise you nobody is using your phone number from a Google form to create an Xbox account lmao
Also.. if they didn't own the number, they couldn't have used it, as most registration services that use it, require verification through an sms. So yes, the number was 99% theirs before you got it.
First off, 2FA is always used with a password. It is not used in exclusion of a password.
That's what the little description of 2fa says but that's not true. Your password is now irrelevant, and the only verification is now your phone number or email address. 2fa is the same as clicking Forgot Your Password every time.
In my case, 2fa was used to deny me access to my account while someone else pretends to be me on a different account. That's not very secure.
Are you trying to gaslight people into being hackable or are you just genuinely ignorant of cyber security?
I would've lost my MS account a long time ago if not for 2FA. The sheer number of global hacking attempts on my account is ridiculous.
Sure, I don't use my phone number as a method of 2FA, but there are many others.
I mean... If your account is protected by a password, then only people with your password can access it. If it's protected by your phone number, anyone who can spam call you can impersonate you.
Are you trying to be dumb? Read my comments again and try to figure out what my issue is with my account. I'm happy to answer any questions you may have.
I don't think you know what 2fa is. It's literally the best kind of security you can get. If you somehow manage to lose your account by doing that, then you have given your account information to people.
Maybe you didn't read my comment. I don't give anyone my data. I gave Microsoft my email address but when I tried to give Microsoft my phone number, someone (a contracted employee, I'm sure) started using my number on their account... now I can't make any purchases or subscribe to online services because I CAN'T put 2fa on my account because an employee already stole my data.
So I'm sure that sending me a text is as secure as a password... but now I'm "secured" out of reclaiming my personal data. 2fa just introduced a huge security flaw into my life.
When you setup 2FA on steam it gives you a special password you can write down to to recover your account if you lose access to the phone number. You’re really risking your account if you don’t have 2FA
I never lost access to my number. I still have the same phone number and haven't been without service. This isn't related to my carrier.
Microsoft gave me an error code that "this number does not exist" when I tried to set up 2fa. It gave me that error until I convinced tech support to manually call my number to verify that it exists. After that, it started telling me that my number was already in use, and the next time I called they could suddenly see that the number is assigned to a different account.
A tech support employee solved the problem but used the opportunity to commit identity fraud instead of helping me.
It's why I don't trust 2fa. It didn't secure my account and is the reason I lost my account. We tolerate its impact on the UX because it's supposed to protect the user but it doesn't do that so why would we tolerate it?
The downvotes are dumb. 2FA and ANY cybersecurity is ONLY ever as good as the person using it. You can't stop people from being idiots, 2FA just gives folk a 2nd chance to not be stupid, but it can also create a second attack vector.
Hey, at least it's not security questions. "What's ur mother's maiden name" lemme just hop on Facebook real quick.
That's not how MFA works. MFA (Multi-Factor Authentication, also known as 2 Factor Authentication 2FA) is something you know (i.e., a password.), something you are (biometrics such as facial recognition, fingerprint, stc.), and something you have (hardware token for example).
This should be the default for all your accounts, when available. Especially the E-Mail that you use for Steam. That needs to be secured tightly and each service needs its own password. Stop slacking when it comes to security. Use KeepassXC or self-host Vaultwarden.
I'm surprised as well. Off the top of my head I can only think of redeeming gift cards and the "Add funds" page as the only ways to add to your wallet.
Ohhh, right. Not exactly Steam kiosks as I'd imagined them - just Steam allowing its accounts to be credited with cash through the same mechanism as old gas accounts and phone cards.
Back in the day when I used to work behind the counter at the local supermarket, pensioners would come in with a handful of shrapnel and put three quid on their gas card to get the heating back on. So I guess it's a similar kind of deal.
You're wrong. This is NOT a Steam kiosk. It's just a software company with a bunch of contracts.
Xsolla never had its own terminals. They usually partnered with Qiwi and Elexnet.
We were talking about Steam kiosks. There have never been Steam kiosks in Russia
Edit: And no, they're not the same thing. They were a simple middleman, with thousands of options for topping up accounts, from phone balances to internet payments.
You can still use xsolla, and many people do, but now they accept bank cards, because almost no one use terminals. They were and are a software middleman.
if you receive funds from an unknown source, just report it to the steam support and don't worry about it too much, they're not dumb and won't give away your account over a random wallet top-up from the other side of the globe
Relax, I'm not asking for it. I'm saying, give you're in this position, there's little point wondering what the chances are (unless you were being rhetorical).
I actually once got sent some steam funds by mistake because my username apparently was close to somebody else. I then got asked to return it which I did, because I had reason to "steal" somebody else's money.
I'm not sure exactly how you send the steam funds to somebody else, but I assume things like that can happen
I've seen this thing happen in cash transfer app scams so often it makes me wonder if Steam has similar vulnerabilities.
The general advice there is to let the platform handle the issue because you sending money "back" is authorising a whole new transaction that can't be reversed.
Change passwords regardless if someone hacked or didnt hack into ur account cause its better to be careful than to be sorry later. Talk to steam after u changed ur passwords
You might have had some trading cards placed in marketplace, I usually do this alot. I always place all trading cards I get from games on slightly lower price than avg on market and instantly get money in wallet, this way I use these to got those super small indie games on sale when amount gets ok enough. Extra cashback for buying games. Since I already have ok enough looking profile I don't need some useless loot boxes.
I have this guy who uses one of my spare emails. He came outta nowhere and I can see anything he buys on xbox. Mostly vbucks and games for him and his friends. Nothing malicious
I would actually go bonkers if that was me. I recently sold all my csgo skins and now I have 870 euro on my account. And for some reason you can't put that in your bank
Someone misspelled their nickname probs. I once received 25 bucks via “kiosk”. I waited for like a month if anything happens, but it never did. And it was like 3 years ago. I’m grateful tbf
Its easy to add funds when you know user's login.
Funny thing, just yesterday I mistakenly send funds to the wrong person. I thought that my friends login will be in the profile URL.
I don't know how it works with Steam in this way, but little unknown deposits like this in a bank account are the first sign of someone trying to steal money. I'm sure it's some kind of test in this situation too. Either way, secure up and contact support immediately. Keep an eye on things and don't touch anything of it just in case.
Click community at the top of steam then click market then my market history. See if you have any listing in the past that had just sold. Sometimes I list items and forget about them for months.
A kiosk transaction can supposedly be used as proof of ownership in gaining access to an account. I'd say report it to Steam and do not use the added funds.
https://help.steampowered.com/en/faqs/view/40A0-8B4B-B54B-C51A
I'd better setup 2fa asap
EDIT:
to all the curious minds - mystery solved
No way you still don't have it, man. Gotta set it up asap and also stop logging in to sketchy looking websites.
If I'd log into sketchy sites I'd have .... 2 bucks at best..
Yeah this seems to be a coincidence, but you'd be surprised how often folks on r/SteamScams do just that LOL
Lol I'm not doing that. 2fa is how I permanently lost my Microsoft account, and is the only reason I'm on Steam instead of Xbox right now. Back in the old days, nobody knew my password. Now that they demand my phone number as well, some hacker is out there using my phone number which I can't reclaim since I don't have access to the hackers email, and my password doesn't even do anything anymore on sites that know my phone number or email address.
If we can't manually reclaim our numbers, then 2fa is actually zero factor authentication. Keep your old fashioned password, and don't create extra methods of bypassing it.
Crap like this is why I keep all my personal info VERY private, I rarely even give out my phone # because of stuff like this. Now unlike Microsoft, stream will work to get you back in, but you can never be too safe
I'm honestly like 99% sure it was a tech support employee who stole my number. First the system returned an error that said "this number does not exist" and I fought for around 8 months to get them to call me on that number. Then the error started telling me the number was already in use with another account. When I called back, they told me the account was not made in the last 8 months and that I can't remove my number unless I can access the email address that created the fraudulent account.
I have a whole fake identity set up so I never have to give anyone my personal info for any reason. My number got stolen because I entered it into a form on the Microsoft website. The corpos cannot be trusted with our data. Steam doesn't need my phone number.
Did you know your number is - hold onto your pants now - a very guessable string? In fact, probably like 20 people before you have owned it too. It is likely not a fraudulent account, but someone simply having forgotten the number on it post-change, or worse.
No, corpo can't be trusted, but I promise you nobody is using your phone number from a Google form to create an Xbox account lmao
Also.. if they didn't own the number, they couldn't have used it, as most registration services that use it, require verification through an sms. So yes, the number was 99% theirs before you got it.
First off, 2FA is always used with a password. It is not used in exclusion of a password.
Second, 2FA that isn't over SMS is vastly more secure. Steam does not support SMS 2FA anyways IIRC.
That's what the little description of 2fa says but that's not true. Your password is now irrelevant, and the only verification is now your phone number or email address. 2fa is the same as clicking Forgot Your Password every time.
In my case, 2fa was used to deny me access to my account while someone else pretends to be me on a different account. That's not very secure.
Are you trying to gaslight people into being hackable or are you just genuinely ignorant of cyber security?
I would've lost my MS account a long time ago if not for 2FA. The sheer number of global hacking attempts on my account is ridiculous. Sure, I don't use my phone number as a method of 2FA, but there are many others.
What do you think the 2 in 2fa means?
Nice try Indian scammer, i Will redeam my Google card
WHY DID YOU REDEEM IT?!
I mean... If your account is protected by a password, then only people with your password can access it. If it's protected by your phone number, anyone who can spam call you can impersonate you.
What IS better 1 password or 1 password + random password? Lets do the math
Are you trying to be dumb? Read my comments again and try to figure out what my issue is with my account. I'm happy to answer any questions you may have.
Maybe Who IS look dumb its not me ;)
No ur lookin pretty dumb bro
Again in English, please.
I don't think you know what 2fa is. It's literally the best kind of security you can get. If you somehow manage to lose your account by doing that, then you have given your account information to people.
Maybe you didn't read my comment. I don't give anyone my data. I gave Microsoft my email address but when I tried to give Microsoft my phone number, someone (a contracted employee, I'm sure) started using my number on their account... now I can't make any purchases or subscribe to online services because I CAN'T put 2fa on my account because an employee already stole my data.
So I'm sure that sending me a text is as secure as a password... but now I'm "secured" out of reclaiming my personal data. 2fa just introduced a huge security flaw into my life.
I don’t think you know how easy phone number spoofing is for hackers trying to bypass 2fa 💀
lol love downvotes with no rebuttal 😂 really puts yall’s lack of intelligence on display 💀
When you setup 2FA on steam it gives you a special password you can write down to to recover your account if you lose access to the phone number. You’re really risking your account if you don’t have 2FA
What happens when I'm not allowed to verify my account because whoever made the fraudulent Xbox account already made one on Steam?
The less these corps know about me, the better. They don't need to match me to my provider. I can be an account number only.
What happens when your username and password gets stolen from a data leak and someone just signs in and steals the account?
Well how did you lose access to your number in the first place? That’s more to do with your phone carrier
I never lost access to my number. I still have the same phone number and haven't been without service. This isn't related to my carrier.
Microsoft gave me an error code that "this number does not exist" when I tried to set up 2fa. It gave me that error until I convinced tech support to manually call my number to verify that it exists. After that, it started telling me that my number was already in use, and the next time I called they could suddenly see that the number is assigned to a different account.
A tech support employee solved the problem but used the opportunity to commit identity fraud instead of helping me.
Fuck man. Sorry. Not really 2FAs fault though.
It's why I don't trust 2fa. It didn't secure my account and is the reason I lost my account. We tolerate its impact on the UX because it's supposed to protect the user but it doesn't do that so why would we tolerate it?
Something I’m not understanding is I’m Perry sure I used my email to set up Microsoft Authenticator, but I can’t remember for certain.
Honestly I wouldn't even assume identity fraud there, kinda sounds like they manually assigned ur number to the wrong account lol.
The downvotes are dumb. 2FA and ANY cybersecurity is ONLY ever as good as the person using it. You can't stop people from being idiots, 2FA just gives folk a 2nd chance to not be stupid, but it can also create a second attack vector.
Hey, at least it's not security questions. "What's ur mother's maiden name" lemme just hop on Facebook real quick.
That's not how MFA works. MFA (Multi-Factor Authentication, also known as 2 Factor Authentication 2FA) is something you know (i.e., a password.), something you are (biometrics such as facial recognition, fingerprint, stc.), and something you have (hardware token for example).
Your an idiot bru😭
Also yes
Should have done that long ago!
And change the password
This should be the default for all your accounts, when available. Especially the E-Mail that you use for Steam. That needs to be secured tightly and each service needs its own password. Stop slacking when it comes to security. Use KeepassXC or self-host Vaultwarden.
Happened to me before I think I had $10 in my account and so I guess someone hacked into my account and bought from their store a bunch of DOTA stuff
There’s Steam kiosks??
I'm surprised as well. Off the top of my head I can only think of redeeming gift cards and the "Add funds" page as the only ways to add to your wallet.
As far as I know they're only in Russia.
There have never been Steam kiosks in Russia. And now it's impossible to add funds to your Steam balance directly.
There absolutely WERE kiosks in Russia that allowed you to add cash to your Steam Wallet. Over 450,000 of them in fact.
https://store.steampowered.com/oldnews/6568
Ohhh, right. Not exactly Steam kiosks as I'd imagined them - just Steam allowing its accounts to be credited with cash through the same mechanism as old gas accounts and phone cards.
Back in the day when I used to work behind the counter at the local supermarket, pensioners would come in with a handful of shrapnel and put three quid on their gas card to get the heating back on. So I guess it's a similar kind of deal.
You're wrong. This is NOT a Steam kiosk. It's just a software company with a bunch of contracts.
Xsolla never had its own terminals. They usually partnered with Qiwi and Elexnet.
We were talking about Steam kiosks. There have never been Steam kiosks in Russia
Edit: And no, they're not the same thing. They were a simple middleman, with thousands of options for topping up accounts, from phone balances to internet payments. You can still use xsolla, and many people do, but now they accept bank cards, because almost no one use terminals. They were and are a software middleman.
They definitely were a thing like...10 or 15 years ago. Not sure if there are any now
What do you mean by kiosk purchase? If I redeemed a steam wallet code or received wallet funds from someone else should I be worried?
if you receive funds from an unknown source, just report it to the steam support and don't worry about it too much, they're not dumb and won't give away your account over a random wallet top-up from the other side of the globe
Oh not unknown, I won a giveaway, but the code was from a third party site and from a currency different than my own. It has been over a year, though.
You should be fine as it’s a code so there isn’t any billing address etc tied to the wallet top up.
Someone typed wrong account name at payment kiosk.
what are the odds of typing
___+ another special characters during account top up?More than zero, according to this?
I'm not giving no clue about my account name...
Relax, I'm not asking for it. I'm saying, give you're in this position, there's little point wondering what the chances are (unless you were being rhetorical).
It's already happening! Respond as necessary
I actually once got sent some steam funds by mistake because my username apparently was close to somebody else. I then got asked to return it which I did, because I had reason to "steal" somebody else's money.
I'm not sure exactly how you send the steam funds to somebody else, but I assume things like that can happen
I've seen this thing happen in cash transfer app scams so often it makes me wonder if Steam has similar vulnerabilities.
The general advice there is to let the platform handle the issue because you sending money "back" is authorising a whole new transaction that can't be reversed.
Is thst sort of thing not a problem on Steam?
I'm honestly not sure. It was 3 years ago so something probably won't happen
erm bulls***
*edit: Anddd checkmate. ✍🏿
Why would it be bullshit? I'm not a person who would just keep money because I can. Obviously if people ask me to return it I'm going to do it.
We'd need to know his actual account name to calculate. But involvement of special characters do increase likehood of mistakes.
I heard few times already, that it could be used to steal an acc. Its always safer to just report that to steam support.
Whoa, it was me. Return them with a $2 porn game to my account.
I've already bought futa mansion sims addon
My man
Change passwords regardless if someone hacked or didnt hack into ur account cause its better to be careful than to be sorry later. Talk to steam after u changed ur passwords
You might have had some trading cards placed in marketplace, I usually do this alot. I always place all trading cards I get from games on slightly lower price than avg on market and instantly get money in wallet, this way I use these to got those super small indie games on sale when amount gets ok enough. Extra cashback for buying games. Since I already have ok enough looking profile I don't need some useless loot boxes.
Bruh, did you at least looked at screenshot?
Reminds me when a Russian guy hacked into my account and stole all of my money… it was like 0.04 cents
great syccuss I guess
I have this guy who uses one of my spare emails. He came outta nowhere and I can see anything he buys on xbox. Mostly vbucks and games for him and his friends. Nothing malicious
I would actually go bonkers if that was me. I recently sold all my csgo skins and now I have 870 euro on my account. And for some reason you can't put that in your bank
I would like to know if you manage to solve this
I did. I've setup a monthly ~2$ auto top-up starting from January 2026 half a year ago and forgot about it.
I'm feeling dumb but relieved..
Lmao, it happens, make sure to setup that 2fa tho, its very important
You should also clear web hooks or whatever its called, there could be a bot sitting on your account terminating your steam support requests
Someone misspelled their nickname probs. I once received 25 bucks via “kiosk”. I waited for like a month if anything happens, but it never did. And it was like 3 years ago. I’m grateful tbf
Its easy to add funds when you know user's login.
Funny thing, just yesterday I mistakenly send funds to the wrong person. I thought that my friends login will be in the profile URL.
your welcome
I highly, highly suggest Proton. I believe they have a 2fa app and their password manager has really helped me
I don't know how it works with Steam in this way, but little unknown deposits like this in a bank account are the first sign of someone trying to steal money. I'm sure it's some kind of test in this situation too. Either way, secure up and contact support immediately. Keep an eye on things and don't touch anything of it just in case.
yeah check your inventory, and report to steam not a good sign
Did you ever put up an in-game item up for sale and you just forgot about it? Maybe
nah. It was way simpler..
Open a case
Stream it
Click community at the top of steam then click market then my market history. See if you have any listing in the past that had just sold. Sometimes I list items and forget about them for months.
WOO! you're rich. 😂