After alarming reports surfaced of89 million Steam accounts being compromisedand personal data being sold on the dark web,Steamhas made a statement to reassure its users that their accounts are completely safe. However, Steam does confirm the leak, and stated that it contains"one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to."
Over 89 Million Steam Accounts Said To Be Compromised In Data Breach
The data is said to be up for sale on the dark web.
Steam is investigating the source of the leak, and suspects it began with acell phone provider. “SMS messages are unencrypted in transit, and routed through multiple providers on the way to your phone.” Steam saystheir systems were not breached, and that you don’t have to worry about changing your passwords or phone numbers.
Steam Users Data Potentially Being Sold On The Dark Web
Cybersecurity company Underdark posted on Linkedin.com about the data leak, even sharing a screenshot which appears to show someone attempting to sell the data on the dark web.
“The implications here are serious — Steam isn’t just a game platform; it’s a treasure trove of personal and financial data tied to users worldwide. If this breach is verified, it could lead to widespread phishing, account takeovers, and targeted attacks across the gaming community.” -Underdark.ai (ViaLinkedin.com)
Underdark later updated the post, saying"The data includes message contents, delivery status, metadata, and routing costs — suggesting backend access to a vendor dashboard or API, not Steam directly."
It appearsUnderdark was able to obtain a sample of the leaked data. “Following our initial post on the claimed Steam data breach (89M+ users), new evidence confirms that a leaked sample contains real-time 2FA SMS logs routed via Twilio.”
Underdark calls it “a supply chain compromise, putting user security at risk via phishing or session hijacking.” So it’s possible Steam users could receive some spam texts as it has been confirmed that phone numbers were included in the leak, but it seems as though the leak is surface-level and doesn’t pose a real threat.
While we can’t be sure what the implications of thisleaked datawill be, if any, Valve cautions users to alwaysbe suspicious of any security messages you didn’t request, butreassures usersthat their Steam accountshave not been hacked.
“The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data.Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages.” (viaSteam)
Valve recommends setting up theSteam Mobile Authenticatorto add an extra layer of security to your Steam account just to be safe.
Leaked Stellar Blade Trailer Confirms PC Release Date And Upgrades
One of the best RPG’s of 2024 is keeping the momentum going.
