A big collection of Steam user information is said to be for sale on the dark web. It might have come from one of Valve’s service partners.
Over the years there have been some big data leaks in the gaming world. One of the most well-known was Sony’s PSN hack in 2011. Other companies like Insomniac and Capcom have also had their data stolen. I even remember when the group that runs E3 the ESA leaked personal info of many gaming journalists by mistake. But this new Steam data leak might be one of the biggest yet.
A cyber security company called Underdark says a database with information from millions of Steam accounts has been found for sale on a dark web forum. It includes user details, phone numbers, two-factor SMS messages and one-time login codes. The seller is asking for $5,000.
Underdark says the data in the database probably came from a third-party company not directly from Steam. At first it said the source was Twilio a company that provides text message 2FA services. But a journalist named Mellow_Online1 shared on X that someone from Valve said they don’t use Twilio.
Because this breach might be serious. I recommend anyone with a Steam account take some safety steps.
One of the fastest and easiest things you can do is log out of all your devices and change your password. If you haven’t already turn on two-factor authentication for your email. Only use the codes sent to you right when you ask for them.
Valve told Gamefusionusa that there was a data breach. but it only involved old text messages with temporary codes that expire after 15 minutes. They said your account is safe and not at risk.
Yesterday we heard about some old text messages sent to Steam customers being leaked. Valve said they looked at the messages and found out that Steam’s system was not hacked. They are still trying to find out where the leak came from. The problem is that text messages are not encrypted and pass through many companies before reaching your phone.
The leak showed old text messages with codes that worked for only 15 minutes and the phone numbers they were sent to. The leaked messages did not include Steam accounts, passwords, payment details or other personal info. Old messages like these can't be used to hack your Steam account. If someone uses a code to change your Steam email or password you will get a confirmation email or a message from Steam.
From Steam’s side you don’t need to change your password or phone number because of this. Remember if you get any security messages you didn’t ask for be careful and don’t trust them. It’s a good idea to check your Steam account security often. If you haven’t done it yet. set up the Steam Mobile Authenticator it helps keep your account safe and lets Steam send you secure messages.
0 Comments