Steam Accounts Safe After $5,000 Leak Threat

Valve Corporaation has confirmed that its systems were not breached after a dark web monitoring group posted a suspicious message offering to sell data of over 89 million Steam users on LinkedIn.

The message from the threat actor, known as Machine1337, claimed to have accessed and sold user records of more than 89 million Steam users for just $5,000. The actor also shared "sample data" with interested parties via Telegram, sparking widespread Panic among Steam users.

However, in a statement released on its official blog, Valve clarified that the leaked data consisted of older text messages that included one-time codes valid only for 15-minute time frames and the phone numbers they were sent to. The company assured that these old messages could not be used to hack any Steam accounts as they do not associate the phone numbers with any Steam account or contain passwords, payment information, or other personally identifiable data.

Valve also stated that users should not panic and do not need to change their passwords or phone numbers. Instead, the company recommended that users set up the Steam Mobile Authenticator app to enhance account safety. With this application in place, users can receive a code whenever they try to change their email or password using SMS, further safeguarding their accounts.

Further investigation suggests that the leak may have originated from the cloud communications company Twilio, which is handling 2FA codes for Steam. However, Valve has firmly denied that its systems were breached.

In light of this clarification, Steam users do not need to change their passwords or phone numbers and can safely continue using their accounts as usual with the newly recommended Steam Mobile Authenticator app in place.