quickutilities – Valve commented on a reported data breach involving Steam, which allegedly exposed details of 89 million user accounts. The company stated that it did not breach its systems. Valve is investigating the leak’s source but confirmed that it did not compromise any sensitive data, such as passwords or payment information. Here’s what you need to know.
Reported Leak on Dark Web
Earlier this week, a report surfaced about a significant Steam data breach. A LinkedIn user claimed to have discovered a malicious actor selling data of over 89 million Steam accounts on a dark web forum for $5,000. The leak raised alarm bells for many users who feared that their personal information might have been exposed. A user, @MellowOnline1, from the Steam user advocacy group “Sentinels of the Store,” shared an update, speculating that the leak could have originated outside of Steam’s internal systems.
Read More : Trump Praises Major Boeing-Qatar Airways Deal as a Big Win
Valve Denies Breach of Steam Systems
In response to the reports, Valve clarified that it did not breach Steam’s systems. The company confirmed that it did not expose any passwords, payment details, or other sensitive user data. Valve explained that the leaked data consisted of older SMS logs used for two-factor authentication (2FA). These messages contained one-time codes and phone numbers but did not link them to individual Steam accounts. Valve stressed that it has kept the security of Steam accounts intact.
The Source of the Leak
Valve is investigating the leak’s source and said that the incident likely involved a third-party vendor. According to Valve, SMS messages sent during two-factor authentication are often unencrypted in transit. These messages are routed through multiple providers before reaching the user, making it harder to trace the leak’s origin. Valve is looking into how these older messages made it to the dark web and whether any external provider was responsible.
What the Leak Involved and Why It’s Not a Threat
The leaked data primarily included older text messages with one-time authentication codes. These codes are valid for short periods, usually 15 minutes, and help users log into Steam or make account changes. Valve assured users that malicious actors cannot use this data to breach Steam accounts. Additionally, when users change their account’s email or password using a code, Valve sends notifications via email or secure Steam messages for added security.
No Action Required by Steam Users
Valve has assured Steam users that there is no need to change their passwords or phone numbers in response to this incident. The company advised users to remain vigilant and treat any unsolicited account security messages as suspicious. It is always a good idea to regularly review account security and enable features like two-factor authentication for extra protection.
