Valve Probes 89 Million Steam Data Leak

Valve has addressed concerns surrounding a reported data breach affecting Steam, where details of approximately 89 million user accounts were allegedly leaked online. The company clarified that its systems were not compromised and that the leaked information did not include sensitive data such as passwords or payment details. Valve is currently investigating the source of the leak, assuring users that they do not need to change their passwords or phone numbers.
Details of the Alleged Data Breach
Reports of a significant data breach involving Steam emerged earlier this week when a LinkedIn user claimed to have discovered a malicious actor offering access to data from over 89 million accounts for $5,000 on a dark web forum. This alarming revelation prompted further investigation into the authenticity of the claims. A user known as @MellowOnline1, who leads a Steam user advocacy group called โSentinels of the Store,โ provided updates on the situation. They suggested that the leak likely originated from outside Steam, indicating that the data may have come from a third-party vendor associated with Valve.
According to MellowOnline1, the leaked information included real-time SMS logs used for two-factor authentication (2FA) on Steam accounts. This detail raised concerns about the security of external services that Valve relies on, suggesting a potential supply chain compromise rather than a direct breach of Steam’s systems. The situation highlights the vulnerabilities that can arise when third-party services are involved in account security.
Valve’s Assurance on Account Security
In a statement released on Thursday, Valve acknowledged the reports of the leak but emphasized that Steam’s systems had not been breached. The company stated, โYou may have seen reports of leaks of older text messages that had previously been sent to Steam customers. We have examined the leak sample and have determined this was NOT a breach of Steam systems.โ Valve is actively investigating the source of the leak, noting that SMS messages are often unencrypted during transmission and can pass through multiple providers before reaching users.
The leaked data reportedly consisted of older text messages containing one-time codes that were valid for short periods. Valve reassured users that this information did not link phone numbers to Steam accounts, nor did it include passwords, payment information, or other personal details. The company emphasized that old text messages cannot be used to compromise account security. Users will receive confirmation via email or secure messages whenever a code is used to change their Steam email or password.
Recommendations for Steam Users
Despite the reassurances from Valve, the company advised Steam users to remain vigilant. Users are encouraged to treat any unsolicited account security messages as suspicious and to regularly review their account security settings. Valve also recommended that users enable the Steam Mobile Authenticator, which provides a more secure method for receiving messages related to account safety.
By taking these precautions, users can enhance their account security and reduce the risk of unauthorized access. Valve’s proactive approach in addressing the situation and providing guidance reflects its commitment to maintaining the safety and security of its user base. As investigations continue, users are urged to stay informed and take necessary steps to protect their accounts.
Observer Voice is the one stop site for National, International news, Sports, Editorโs Choice, Art/culture contents, Quotes and much more. We also cover historical contents. Historical contents includes World History, Indian History, and what happened today. The website also covers Entertainment across the India and World.