You Don’t Need to Panic About the Latest Steam Leak
If you’ve seen the news claiming that over 89 million Steam user records have been leaked, don’t panic. Social media posts currently circulating suggest that Steam credentials are being offered for sale on the dark web, but these claims appear to be untrue. Of course, even if your data hasn’t actually been compromised, it’s a good idea to set up additional authentication on your Steam account.
What happened to Steam?
Short answer: Probably nothing. As reported by XDA , user X MellowOnline1, a gaming journalist, noticed a LinkedIn post from Underdark.ai claiming that 89 million Steam user records were put up for sale on a darknet forum for $5,000 through an attacker known as Machine1337. MellowOnline1 suggested that the leak did not come from Valve Corporation – the owner of Steam – but from Twilio, a platform that provides two-factor authentication (2FA) for applications like Steam using methods such as SMS, voice, email, WhatsApp, passkeys, push notifications and time-based one-time passwords.
Upon further investigation , Bleeping Computer received a statement from Twilio denying any involvement in any wrongdoing (and, according to an update from MellowOnline1 , Valve has indicated that it does not use Twilio anyway). The data allegedly included SMS messages containing Steam one-time passwords and user phone numbers, but Bleeping Computer was unable to verify the source or confirm the attacker’s claims.
What should Steam users do?
While this supposed threat isn’t really something to worry about, it doesn’t hurt to make sure you have extra security set up on your Steam account. You can change your Steam password (found under Settings or Preferences ) and enable Steam Guard Mobile Authenticator , Steam’s 2FA feature. You should also be on the lookout for unauthorized login attempts and exercise caution when interacting with any messages about your account that appear to be coming from Steam Support, as they may actually be phishing attempts taking advantage of panicked users.