Reports about Steam data breach are false, Valve says

Valve has confirmed that reports circulating about a breach of Steam systems are false and said that there is no reason for users to take actions such as changing their passwords or the phone numbers linked to their Steam accounts. 

“We have examined the leak sample and have determined this was NOT a breach of Steam systems,” the company stated.

“The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to,” it continued. “The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data. Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages.”

The leaked data came from an external service provider and appears to be real, but as Valve explained can’t be used to enter someone’s account. Users should only be wary about getting potential phishing messages mentioning their Steam account via SMS in the future, since the leaked data confirms that the phone numbers are connected to a Steam account, allowing bad actors to run targeted schemes.

“It is a good reminder to treat any account security messages that you have not explicitly requested as suspicious,” Valve added.

The company offers two-factor authentication via its own Steam Mobile Authenticator as an alternative to text messaging and recommends account owners to use it, as it eliminates the involvement of third parties like the breached service provider.

More news on DBLTAP: