Gamers, I implore you to go and change your Steam password right away. Around 89 million Steam account details have seemingly been obtained and put up for sale on the dark web, with the seller reportedly asking for thousands of dollars for the entire database.
In gaming circles, there have been some pretty notorious data leaks and breaches over the years. There’s Sony’s infamous ‘PSN Hack’ from 2011. There have been high-profile breaches of information from companies like Insomniac and Capcom. I remember when the ESA, the association that ran E3 every year, accidentally leaked a bunch of gaming journalists’ personal information. But this alleged breach of Steam user data could be one of the biggest ever.
Reportedly affecting millions of Steam accounts, this database contains user records, contact details like phone numbers, two-factor SMS message logs, and one-time access codes. This is all according to Underdark, a cyber threat security company that originally spotted a post on a dark web forum looking for a buyer for the data. The price? Reportedly it’s $5,000.
Underdark also claims that, due to the nature of the information in the database, the source of this data is likely a third-party vendor or service provider rather than Steam itself. Initially, it claimed that this was Twilio, a cloud communications platform that offers SMS 2FA services, but according to independent journalist ‘Mellow_Online1’ on X, a Valve representative told them that the company does not use Twilio as a service provider.
Neither Valve or any other company have publicly acknowledged that there’s been a breach of Steam user data yet. However, given the alleged scope of this breach, I’d definitely encourage anyone reading this with a Steam account to take some precautionary measures.
One of the quickest and easiest things you can do is to log yourself out of all sessions on all devices and change your password. You should absolutely set up two-factor email authentication as well, if you haven’t already done so. You should also only use authentication codes sent to you at the moment you requested them.
PCGamesN has contacted Valve for comment on this alleged data breach and we will update this story should we receive a response.