Hackers Allege Steam Data Breach, Data Sold on Dark Web: Here’s how you can be protected

A dark‑web post claimed that credentials and one‑time SMS codes for over 89 million Steam accounts were being sold for $5,000, prompting concern among gamers. Cybersecurity researchers reported that the data included phone numbers, 2FA tokens, and account metadata from an external SMS provider rather than Steam itself.

Following that, Valve made it clear that no Steam systems were hacked and that the disclosed data just consists of obsolete, non-malicious SMS one-time codes.

Valve note: “Yesterday we were made aware of reports of leaks of older text messages that had previously been sent to Steam customers. We have examined the leak sample and have determined this was NOT a breach of Steam systems.”

Still, security experts encourage everyone using Steam to change their passwords, use another real-time authenticator tool, and analyze their account behavior for hacking indicators.

Origin of the Listing

A hacker known as Machine1337 offered what was described as a database of 89 million Steam user records for sale on a dark‑web forum. The listing purported to contain phone numbers, metadata, and one‑time SMS codes used for two‑factor authentication. Analysis suggested the data came from a third‑party communications provider rather than Steam’s own infrastructure.

Vendor and Valve Statements

Initial speculation pointed to a breach at the SMS provider, but both that company and Valve denied any security failure on their systems. Valve’s statement explained that the records are simply past SMS codes valid for only a brief window when originally sent. There was no exposure of passwords, Steam IDs, payment details, or other sensitive account information. Valve emphasized that existing SMS codes are expired, and that account security was not compromised.

Independent Verification of Steam Data Leak

Many IT news sources claim that users cannot access their accounts using the hacked SMS codes. Any personal data, including expired codes, could be exploited in concert with other forms of social engineering or phishing. Users should be alert for any odd login warnings, experts warn.

Recommended Security Steps

1. Change your Steam password to a strong, unique value not used elsewhere.

2. Switch from SMS‑based two‑factor authentication to the Steam Mobile Authenticator or another authenticator app.

3. Review recent login history and authorized devices in Steam’s security settings.

4. Beware of phishing emails or messages pretending to be from Steam Support and avoid clicking unsolicited links.