Good news, everyone!
Last week, a report on LinkedIn claimed that Steam had a massive data breach, effecting the account information of over 89 million users, with that information potentially being on the dark web. Thankfully, Valve has recently confirmed that that is not the case.
You may have seen reports of leaks of older text messages that had previously been sent to Steam customers. We have examined the leak sample and have determined this was NOT a breach of Steam systems.
We’re still digging into the source of the leak, which is compounded by the fact that any SMS messages are unencrypted in transit, and routed through multiple providers on the way to your phone.
The original report came from LinkedIn user Underdark.ai, which was picked up shortly after by Mellow_Online1 over on Xitter. The post claimed that a dark web user claimed to have a dataset of over 89 million steam user accounts, with plans to sell it for $5,000. They also claimed to have “sample data” as proof, along with a Telegram number for any interested parties to call.
Valve, however, notes that all they have are logs of text messages, which come when you log in to Steam with a 2FA code. As these codes expire after 15 minutes, any alarm over this is unfounded. They don’t include any information tied to your Steam account, password, payment information, or any other personal data, though they do have a tie to your phone number.
The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data. Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages.
You do not need to change your passwords or phone numbers as a result of this event. It is a good reminder to treat any account security messages that you have not explicitly requested as suspicious. We recommend regularly checking your Steam account security at any time at
All that aside, it’s still a good idea to secure any accounts you have, including your Steam account. 2FA is a good start, though a password manager can help if you want to use more complex, difficult to remember passwords for things that are harder to crack. It’s also a good idea to link your Steam account to the Steam smartphone app, as it allows you to manage and check on things (like authorized devices) to help ensure no unauthorized actors have weaseled their way into your account.
Source: PC Gamer
About Author
