UPDATE: Steam has provided the following statement to ComicBook:
Videos by ComicBook.com
“Yesterday we were made aware of reports of leaks of older text messages that had previously been sent to Steam customers. We have examined the leak sample and have determinedย this was NOT a breach of Steam systems.
Weโre still digging into the source of the leak, which is compounded by the fact that any SMS messages are unencrypted in transit, and routed through multiple providers on the way to your phone.
The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data. Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages.
From a Steam perspective, customers do not need to change their passwords or phone numbers as a result of this event. It is a good reminder to treat any account security messages that you have not explicitly requested as suspicious. We recommend regularly checking your Steam account security at any time at https://store.steampowered.com/account/authorizeddevices.
We also recommend Steam users set up the Steam Mobile Authenticator if they havenโt already, as it gives us the best way to send secure messages about their account and that accountโs safety.ย “
The original story follows below.
Millions of Steam accounts could be at risk following a data leak. Steam is one of the biggest platforms in the world of gaming and is the platform of choice for PC gamers. It has all of the best games in one spot with a lack of predatory features. It’s easy to use and is widely adopted by publishers around the industry, including ones that have their own launchers. On top of that, Steam Deck also allows user extended access to their library on the go. It’s a great piece of hardware that has not only been helpful for active users, but also brought in new ones who want something powerful on the go.
They’re extremely customer friendly, even offering refunds for players if they decide they don’t like it or it doesn’t meet acceptable standards. They’re pretty generous about this and while not everyone will get one, it’s pretty easy to get your money back if you are unsatisfied. Steam is also renowned for its security. It’s rare (if ever) that you hear Steam has suffered any kind of hack or breach. There are scams where users can get their accounts hijacked, but Steam does everything in its power to quickly recover those accounts and mitigate the damage. It’s not just the most trusted gaming platform on PC because of all of the games, but because of how much Valve cares about protecting its users and keeping them as happy as possible. Unfortunately, though, they can’t protect against everything.
It has been reported that a vendor that worked with Steam has suffered a data breach that could affect 89 million Steam users, an overwhelming majority of the userbase. This report comes from a LinkedIn post from Underdark AI which claimed that someone on the darkweb was trying to sell Steam user records on the dark web. Early reports feared that this could include usernames, passwords, and other highly sensitive data, but it has since been claimed that the info is nothing more than phone number and expired one time use codes for two-factor authentication. IT expert Christopher Kunz stated that these could be used for a phishing scam, but it is highly unlikely any of this info could be used to take over your account otherwise.
“This is interesting info for criminals who want to do a large-scale Steam phishing campaign, but it’s hardly a reason to change your Steam password or otherwise panic,” said Kunz. “Yes, this sucks, but I cannot see any other use than phishing campaigns from the data that I’m seeing.”
It still doesn’t hurt to change your Steam password and take advantage of 2FA or Valve’s Steam Guard app, which allows players to protect their account from unauthorized access. It would be wise for other users to be more vigilant about phishing scams and to double check any sort of texts they may get about accessing their Steam account, especially if its not authorized by you. Either way, your account should be safe and sound for now.
