Scammers are paying for Google Ads which appear to link to Leetify, but they actually link to an impersonation site which is designed to steal your Steam login info. If you click on one of these ads, you'll be taken to a fake version of Leetify hosted on a domain that's not leetify.com
This scam has been targeting web applications for years, unfortunately. We are just the latest platform to get hit by this. A great way to battle it is raising awareness. If the scammers aren't making enough money from the scam to pay for the cost of advertising, then the problem will go away.
How do I know that I've been compromised?
If you visit Leetify directly at https://leetify.com or click links from our Steam/Discord bots, you're probably in the clear. This scam only impacts people who google search "Leetify" and then click on the sponsored scam link, and enter their Steam credentials there.
If any site where you've entered login credentials behaves suspiciously, check your history (Ctrl+H on most browsers).
If you see any domains that look like impersonations, you may be at risk. If you typed login credentials on a domain that's similar but not identical to the intended site (i.e. leetifui.com or leetify.co) then your account is in danger. Take steps to secure it immediately.
Leetify only uses the domain leetify.com. Do not enter login credentials on any other site, and please report any impersonations to [email protected]
If your account got compromised:
- Change your Steam password (guide)
- Deauthorize all devices you have authorized on Steam Guard (guide)
- If you've already lost access to your Steam account, take these steps to retrieve your account.
Preventative measures
We know of one foolproof way to avoid getting your account stolen:
If you ever get a prompt to type Steam account details when signing in on any 3rd party site, close it and go to https://store.steampowered.com/ to log in there instead. Then go back to the 3rd party site. If it's still asking you for login details and not just giving you a straight up "Sign In" button, something is wrong.
Don't type your Steam credentials unless you're absolutely positive you're on Steam's official site. Steam's official URLs are https://steamcommunity.com and https://store.steampowered.com/.
You can also reduce the odds of a mistake leading to you completely losing your account if you follow Valve's account security recommendations.
Leetify's only URL is https://leetify.com/. If the page you're on doesn't exactly match, do not enter login info. Never click on an advertisement link if you do use Google to search for Leetify or other brands.
Reporting these scams
If you see an ad that doesn't take you to Leetify.com when googling "Leetify", we'd really appreciate if you report them to Google so they get taken down. Click the "..." menu and then "Report ad".
Why does Leetify offer the "Sign in with Steam" option?
When you sign into Leetify using Steam, you're not actually allowing Leetify to access your Steam account. Steam is just a trustworthy source that can verify that you're definitely you. When you confirm your identity with Steam by logging into your Steam account, they will tell Leetify "yep, they are the user they say they are." This is common practice on the internet (you see the "Sign in with Google" button everywhere).
This can actually improve security, since you're entering login info less frequently. It's harder to provide a scammer your login details if you're rarely actually typing your username and password. Combined with 2-factor authentication on the trustworthy source, you have a convenient button that makes it easy for you to login to all of your various accounts, but hard for scammers to gain access dishonestly.
An added benefit of using Steam specifically is that this confirms your identity in CS2. This allows us to associate your Leetify account with the SteamID that you're playing your CS2 matches with.
To learn more, you can do research on single sign-on authentication.