False alarm on Steam. Your passwords are safe, Valve says

Update #2 (May 15, 3:38 pm PT)

Valve clarified the matter, stating unequivocally that there was no compromise of their Steam systems. Yet, an incident did occur, involving the exposure of older text messages containing one-time codes (valid for 15 minutes) and the phone numbers they were sent to.

To be clear, the exposed data cannot be linked to your Steam account, login credentials (password), payment details, or personal information. Consequently, it cannot be used to attack a Steam account. Furthermore, any attempt to use such a code to change the email address or password will trigger an alert notification instead.

The cause of the leak has yet to be definitively identified, and pinning it down could prove challenging because SMS messages are not encrypted in transit and pass through multiple service providers. Meanwhile, Valve suggests refraining from changing your password or phone number, but encourages treating any unrequested Steam account security-related communications with skepticism and emphasizes the use of Steam Guard for added protection.

Update #1 (May 15, 3:07 pm PT)

According to cybersecurity expert Christopher Kunz from heise, criminals have allegedly acquired 89 million records from a log of sent SMS messages. These records primarily contain uninteresting data such as metadata. However, the records are said to originate from the year 2025, and they may include phone numbers. Kunz advises against changing your Steam account password because of this incident. He cautions that the stolen records could potentially be used for a widespread phishing campaign, but there is no mention of a low price the thieves might ask for them.

Original news (May 14, 10:46 am PT)

It’s advisable for Steam users to update their passwords as it appears that approximately 89 million accounts might have been compromised. The evidence provided by Underdark.ai suggests that these stolen accounts are being sold for $5,000 on the dark web in a Russian-speaking marketplace.

According to our source, the thieves supposedly obtained information about the players via a two-factor authentication system managed by Twilio, not through Steam itself. Interestingly, it was later discovered that Valve’s digital platform does not use Twilio’s services.

Mellow_Online1, over at X, posted information about a suspected partnership between a company and Steam that aims to safeguard users from fraudulent activities. To verify these claims, Mellow_Online1 reached out to Valve Corporation directly, who stated they were not cooperating with the mentioned company.

As a gamer, I wanted to share some good news: Twilio has addressed the issue at hand. One of their representatives communicated that there was no breach in their system, which means my personal data as a player is safe and secure within their infrastructure.

It appears that the situation is rather puzzling, as no clear explanation has been given by Steam yet. Therefore, it would be prudent to approach this information with caution. To ensure safety, it might be wise to update your password and enhance your login protection for good measure.

2025-05-15 17:02