David Bridges
Update May 14, 6:38PM ET: Valve has officially confirmed that the Steam systems were not compromised, and no user data has been accessed or stolen by malicious actors. The company provided detailed clarification in a recent Steam blog post:
“We are actively investigating the source of the leak. Complicating matters is the fact that any SMS messages are unencrypted during transit and are routed through multiple providers before reaching your phone. The leak involved older text messages containing one-time codes that were valid only for a 15-minute timeframe, along with the phone numbers they were sent to. Importantly, the leaked data does not link the phone numbers to any Steam accounts, passwords, payment information, or other sensitive personal data. Therefore, these old text messages cannot be exploited to compromise the security of your Steam account.”
Our original story continues below.
Recently, it has been reported that Steam may have experienced a significant data breach over the past week. While details remain scarce and challenging to verify, a known hacker has claimed to be selling a database containing more than 89 million user records from the gaming platform, including one-time access codes obtained from a third-party vendor utilized by Steam. If this information is accurate, it would encompass data related to over two-thirds of Steam’s user base.
An initial post on LinkedIn that identified the breach suggested the leaked data originated from the cloud communication company Twilio. However, a representative from Steam clarified that the platform does not utilize Twilio, implying that if a breach has occurred, it could be through a different vendor responsible for providing SMS codes for access.
While the situation remains uncertain at this stage, this incident serves as a crucial reminder to evaluate your online security practices. In relation to Steam, the company offers a mobile authentication program known as Steam Guard, which is designed to enhance the security of your account. Additionally, it is wise to regularly update your passwords, especially given that some aspect of Steam Guard may have contributed to the current security concerns. Utilizing a password manager can simplify this process. Since it appears that phone numbers may have been compromised, be particularly vigilant against potential phishing attempts via text messages.
If you make a purchase through a link in this article, we may earn a commission.
Ethan Carter
