A hacker claimed to leak details of 89 million Steam accounts, but Valve has confirmed no breach occurred—only expired SMS codes were involved.
A Hacker’s Big Claim Sends Shockwaves
Earlier this week, rumors began circulating that a massive leak had exposed data from nearly 89 million Steam accounts. The claim came from a hacker who allegedly listed the stolen data for sale on a dark web forum for $5,000.
The database was said to include phone numbers and one-time login codes linked to Steam’s two-factor authentication system. This created immediate concern among Steam’s large user base, with many worried their personal data or account access might have been compromised.
Valve Steps In: “No Breach of Steam Systems”
The company that created the well-known PC gaming platform, Valve, looked into the problem right away. The company clarified that there was no hack or breach into Steam’s servers after examining a sample of the disclosed data.
“We have examined the leak sample and have determined this was NOT a breach of Steam systems,” said Valve.
The data in question turned out to be a batch of old SMS messages that contained time-limited two-factor authentication codes. These codes were only valid for about 15 minutes and did not include user names, passwords, or account links.
“The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to,” Valve added.
No Personal Info, No Passwords, No Payment Data
Users were reassured by Valve that the leak contained no private data, like passwords, credit card numbers, or associated Steam accounts. Despite being apparent in the hacked texts, phone numbers were not linked to specific user accounts.
This helped calm fears of users potentially being locked out of their accounts or having their identities exposed.
Twilio Rumored, But Not the Source
Some early reports speculated that Twilio, a messaging service used by many tech companies, might have been the source of the leak. However, both Valve and Twilio have stated there’s no link between the two.
Valve confirmed it does not use Twilio, shutting down those theories and focusing instead on tracing where the outdated messages may have been stored or intercepted.
What Should Steam Users Do?
While Valve confirmed that no user accounts were at risk, security experts still recommend basic safety steps:
- Change your Steam password if it hasn’t been updated in a while
- Enable Steam Guard Mobile Authenticator for two-factor authentication
- Stay alert to phishing messages pretending to be from Steam
Even when no direct risk is identified, keeping account information updated is always a good move.
A Lesson in Digital Caution
Even while the Steam panic proved to be less dangerous than initially believed, it serves as a reminder of how easily false information can proliferate online and how crucial it is for businesses to react promptly and properly.
Millions of users were reassured by Valve’s swift action that their personal information, purchases, and game libraries would be safe.
Steam users were alarmed by claims of a massive data breach affecting 89 million accounts. Valve investigated and confirmed there was no breach—just a leak of old, expired SMS codes with no personal information involved.
