Steam has denied that a reported data breach endangered its users’ personal information after 89 million phone numbers linked to Steam accounts were leaked and put up for sale on the dark web.
The leak, first reported by cybersecurity company Underdark on LinkedIn, included text messages with validation codes and the phone numbers they were sent to. However, Steam stated that the leaked data did not link the phone numbers with Steam accounts, passwords, payment information, or other personal data.
“We have examined the leak sample and have determined this was NOT a breach of Steam systems,” Steam said in a statement. “Old text messages cannot be used to breach the security of your Steam account,” the company added, noting that users receive a confirmation via email and/or Steam secure messages whenever a code is used to change their Steam email or password using SMS.
Despite Steam’s assurance that users do not need to change their passwords or phone numbers, the company recommended regularly checking account security. The origin of the breach has not yet been confirmed, and the threat actor is auctioning off the leaked information for $5,000.
Leaked Xbox UI shows Steam filter before Microsoft pulls it
To enhance account security, Steam recommends setting up the Steam Mobile Authenticator, which enables two-factor authentication with a phone number and email. This adds an extra layer of protection, making it more difficult for unauthorized users to access an account.
Users who have received unsolicited one-time password text messages are advised to ignore them and consider changing their password. Additionally, users with 2FA enabled should check their email for any suspicious activity linked to their Steam account.
To further secure accounts, users can utilize a password manager to create complex passwords and store them securely.
