how to protect your API key?

My son got robbed on Steam loosing items worth eur 1.200 and Steam is not doing anything about it. On the contrary they close down our tickets and delete our posts in the community.

The robbery was extremely sofisticated and even I would have made the same error as my son did. We are still not quite sure how the robbery was done in spite of two factor autorization but it seems to be a stolen API key.

So how can Bitdefender help me because I could potentially make the same "mistake" not knowing it and get robbed again?



  • Flexx
    Flexx Defender of the month mod

    It's definitely frustrating when a company like Steam doesn't seem to be interested in helping you.

    It sounds like the robber may have gotten your son's API key through a phishing attack. Phishing attacks are emails or websites that look like they're from a legitimate source, but they're actually designed to trick you into giving up your personal information. In this case, the robber may have sent your son an email that looked like it was from Steam, asking him to enter his API key for security purposes. Once he entered his API key, the robber was able to use it to access his Steam account and steal his items.

    Bitdefender can help you protect your Steam account from phishing attacks by using its anti-phishing software. This software scans emails and websites for known phishing scams and warns you if you're about to enter your personal information on a malicious website. Bitdefender also offers a password manager, which can help you create and store strong passwords for all of your online accounts. This will make it much harder for hackers to get into your accounts, even if they do get your API key.

    In addition to using Bitdefender's security software, here are some other things you can do to protect your Steam account:

    1) Never enter your API key on a website that you don't trust.

    2) Be careful about opening emails from people you don't know.

    3) Keep your Steam software up to date.

    4) Use a strong password for your Steam account and don't share it with anyone.

    5) Enable two-factor authentication for your Steam account.

    By following these tips, you can help protect your Steam account from hackers and prevent future robberies.


    OMEN Laptop 15-en1037AX (Bitdefender Total Security) & Samsung Galaxy S22 Ultra (Bitdefender Mobile Security)

  • Hi,

    Thank you for your explanation but it is not helping me.

    First of all my son did not receive or open any e-mails. Second, he was already using two-factor autentification on Steam.

    What happened was that he entered a site to register to a game tournament (CSGO). This site was probably a fake site - the site informed my son that in order to join the tournament he had to login to Steam. My son did that on the Steam app with two-factor autentification but then suddenly my sons items were transferred to an unknown account without any actions taken by my son. My son did not make the transaction and he did not approve it.

    To my understanding the fake site got access to his API-key without his knowledge and used this to send all my sons items to another account. This seems extremely sofisticated as it had to bypass the two-factor autentification and make actions on my sons Steam account. Steam could stop this easily by cancelling the transfer because transfers are blocked 7 or more days before the receiver can use them. Why would my son give away items worth eur 1.200 to a total stranger?

    You write that Bitdefender would warn about phishing - nothing came up! So how could the robbers steal the API key and bypass Bitdefender?

    After this incident both my son and I feel extremely unsafe. Eventhough that I have experience with programming and take meassures to protect myself I would probably make the same steps that my son did. So how do we avoid this in the future?


  • Flexx
    Flexx Defender of the month mod

    You can try contacting the bitdefender support by visiting and scroll down to the bottom of the webpage where you can get in touch with support representative either by email, chat or over a call.

    Alternatively, you can also share your query with bitdefender support team by dropping them an email at [email protected]

    The support team will reply back to your query within next 24-48 hours excluding weekends.

    But I think bitdefender support can hardly do anything in this situation and you will have to contact steam support again as they will only be able to help you regarding this. You can go to steam twitter or facebook page and ask your query there if the support is closing your case.


    OMEN Laptop 15-en1037AX (Bitdefender Total Security) & Samsung Galaxy S22 Ultra (Bitdefender Mobile Security)

  • Hi again,

    Thank you for your guidance. I will try to contact Bitdefender in order to get an answer why Bitdefender security did nothing in order to prevent the attack and what I should do in the future.

    Regarding Steam I have tried all possible contacts but I am just being deleted. Found out that Steam apparently is Russian so in these days this might explain their behaviour. What is scaring is that all young people use Steam and it seems that reports of robbery is increasing.