False alarm on Steam. Your s are safe, Valve says
Rumors appeared that the data of 89 million s of Steam had been leaked. Valve has addressed the situation.
Update #2 (May 15, 3:38 pm PT)
Valve addressed the issue, confirming that there was no breach of the Steam systems. However, the leak did happen - it includes older text messages with one-time codes (valid for only 15 minutes) and the phone numbers they were sent to.
We received assurance that this data cannot be linked to your Steam , , payment information, or personal data. As a result, they cannot be used to attack a Steam , and moreover, any attempt to use such a code to change the email address or results in an appropriate notification.
Even though the source of the leak is still being investigated, it might be difficult to find out because SMS messages are not encrypted when sent and go through many operators. Valve doesn't recommend changing your or phone number. Nonetheless, the company recommends treating any messages related to Steam security, which you did not request yourself, as suspicious, and also advises using Steam Guard.
Update #1 (May 15, 3:07 pm PT)
Christopher Kunz, a cybersecurity specialist at heise, claims that thieves have obtained 89 million records from the log of sent SMS messages, which contain "a lot of really boring metadata." Nevertheless, they are supposed to come from 2025, and they supposedly include phone numbers. Kunz claims that this is not a reason to change the Steam . However, he warns that they may be used for a "large-scale phishing campaign." The explanation would clarify the low price the thieves were going to demand for their prize.
Original news (May 14, 10:46 am PT)
Steam s should consider changing their s because there have been reports of a data leak affecting around 89 million s. As Underdark.ai proves, using the screenshot posted on LinkedIn, they are being offered for sale for $5,000 on a Russian-language "dark web."
Alleged evidence of a data leak from Steam. Underdark.ai / LinkedIn
According to the informant, the thieves allegedly obtained details about the players through two-factor authentication handled by Twilio, not directly through Steam. However, it turned out that Valve's digital store doesn't use the services of this company.
This detail was shared by Mellow_Online1 on X, which is dedicated to protecting consumers from scams (mainly on Steam). To confirm the reports, he ed Valve directly, which denied that it was cooperating with the mentioned company.
Moreover, Twilio itself has spoken out on the matter. The company spokesperson informed that the system wasn't breached, so the players' personal information couldn't be stolen from the company's infrastructure.
It's undeniable that the whole matter looks quite strange. So far, Steam hasn't officially commented on the matter, so this info should be approached with caution. Despite everything, it's still a good idea to consider changing your and strengthening your security, just to be on the safe side.
- Half-Life 3 is closer than ever before. „The game is playable-from start to finish. It's never been this far,” says a well-known insider
- Doom The Dark Ages regional prices on Steam are looking wild. Prepare to be confused
- A guide to the best games and deals of Steam's Creature Collector Fest
- F2P players got their voice back in TF2? Valve eases chat restrictions in iconic FPS
- The release date for Stellar Blade on PC just slipped out from Sony. PS5 players are getting something new too