Steam has denied that a reported data breach endangered its users’ personal information.
First reported by Underdark, a cybersecurity company, on LinkedIn, information for 89 million Steam accounts popped up for sale on the dark web, including text messages with validation codes and the phone numbers they were sent to.
Steam, Valve’s popular online gaming store and distribution platform, responded to the news last night with a statement saying, «We have examined the leak sample and have determined this was NOT a breach of Steam systems.»
The company said that the leaked data did not link the phone numbers with Steam accounts, passwords, payment information or other personal data.
«Old text messages cannot be used to breach the security of your Steam account,» the statement said. «Whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages.»
You do not need to change your passwords or phone numbers as a result of this event, but it’s a good reminder to treat any account security messages that you haven’t explicitly requested as suspicious.
The origin of the breach has not yet been confirmed, and Valve did not immediately respond to CNET’s request for comment. The data allegedly includes users’ one-time passwords and phone numbers. The threat actor says it’s auctioning off this information for $5,000.
Steam said that users don’t need to update their passwords, which CNET recommended in a previous version of this story. But it did recommend regularly checking your Steam account security.
However, whenever you’re worried about a security breach, changing your password is a smart move. If you have a Steam account, it doesn’t hurt to change your password now to keep your game library — and financial information — secure. Here are some additional ways to protect your account.
How to protect your Steam account
Even if it may not be necessary, it doesn’t hurt for Steam account holders to change their passwords. At the very least, this will help secure your account.
If you want to take it a step further, you can use a password manager to create complex passwords and store them for you.
Steam also recommended setting up the Steam Mobile Authenticator, which enables two-factor authentication with your phone number and email. 2FA is an easy step that will make it much more difficult for unauthorized users to access your account. Steam doesn’t support the use of hardware security keys, which can offer another level of protection, so its in-house 2FA is going to be your best bet to protect your account.
If you already have 2FA enabled, be sure to check your email for any suspicious activity linked to your Steam account.
If you’ve recently received any one-time password text messages that you did not request, ignore them and change your password again. In the coming weeks, keep an eye out for any phishing attempts disguised as game product offers or other Steam-related content.
