Valve Says Steam Data Breach Is Not Real

Valve has responded to online claims that a massive database of Steam credentials is being made available on the black market, assuring everyone that their passwords are safe and that people don’t need to change them.

Steam has hundreds of millions of users, many of whom are active on a daily basis. When someone claims to have 89 million credentials from Steam, it’s only natural for users to wonder if their accounts are safe.

Not everything announced on the Dark Web is real

Cybercriminals often put up for sale stolen information, and the Dark Web is usually where it’s done. The problem is that not everything claimed on the Dark Web is true. In fact, you would have to make a leap of faith to believe that criminals are honest about a product they sell.

A report on LinkedIn, of all places, initially claimed that someone was trying to sell a database of 89 million user records from a Steam data breach for a measly $5,000. The hackers even had “proof” that their data was real.

Valve says it’s not real

Such a bold claim needed a response from Valve. The company was quick to point out that the information about a data breach was false.

“You may have seen reports of leaks of older text messages that had previously been sent to Steam customers. We have examined the leak sample and have determined this was NOT a breach of Steam systems,” Valve explained.

“We’re still digging into the source of the leak, which is compounded by the fact that any SMS messages are unencrypted in transit, and routed through multiple providers on the way to your phone.”

The company explained that the leak was a compilation of one-time codes that were only valid for 15-minute time frames, and the phone numbers to which they were sent.

Most importantly, Valve also said the leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data.

In short, there is no need to change the existing passwords, but Valve used this opportunity to say it’s a good idea to set up the Steam Mobile Authenticator. While 2FA is not enforced for Steam accounts (unless trading is involved), it’s available as a security feature, and everyone should enable it either way.