Massive Steam Data Leak: 89 Million Accounts Exposed – What You Need to Know

A significant data breach has reportedly compromised the personal information of approximately 89 million Steam users. The leaked data, allegedly being sold on the dark web for $5,000, includes SMS logs containing two-factor authentication (2FA) codes and phone numbers. However, Valve, the company behind Steam, has stated that its systems were not breached and that the leaked information does not include passwords, payment details, or other sensitive data.

What Happened?

The breach was first reported by cybersecurity firm Underdark.ai, which discovered a hacker named Machine1337 offering the stolen data on a dark web forum. The leaked information reportedly comprises older SMS messages containing 2FA codes and associated phone numbers. Valve has clarified that these messages were unencrypted in transit and routed through multiple providers, making them vulnerable to interception. Importantly, the company emphasized that the leaked data does not link phone numbers to Steam accounts or include any other personal information.

Valve’s Response

Valve has acknowledged the leak but maintains that its systems remain secure. The company is investigating the source of the leak, which appears to stem from a third-party service provider rather than a direct breach of Steam’s infrastructure. Valve has assured users that there is no need to change passwords or phone numbers, as the leaked data does not compromise account security. However, the company has advised users to remain vigilant and report any suspicious activity.

How to Protect Your Account

Despite Valve’s reassurances, it’s prudent for users to take extra precautions:

• Change Your Password: Update your Steam password to a strong, unique one.
• Enable Steam Guard Mobile Authenticator: Use the Steam mobile app to receive 2FA codes, which is more secure than SMS-based authentication.
• Monitor Account Activity: Regularly check your account for unauthorized transactions or login attempts.
• Be Cautious of Phishing Attempts: Avoid clicking on suspicious links or sharing personal information in response to unsolicited messages.

For a step-by-step guide on setting up the Steam Guard Mobile Authenticator, refer to Kaspersky’s official blog.

Conclusion

While Valve asserts that its systems were not compromised in this incident, the exposure of 89 million accounts is a serious concern. Users are advised to take immediate action to secure their accounts and remain alert to potential threats. By following the recommended security measures, you can help protect your personal information and enjoy a safer gaming experience on Steam.