89 million Steam account details allegedly leaked, but no one seems to know how
Table of Contents
Valve has now confirmed that “this was NOT a breach of Steam systems” and users do not need to change their passwords as a result. However, it continues to recommend that you set up the Steam Mobile authenticator for extra security.
Valve's popular PC gaming platform, Steam, is allegedly affected by a data breach that has compromised the credentials of over 89 million users. That's nearly 70% of Steam’s entire active user base, so there’s a good chance your username and password could be part of the leak.
The information comes from X user @MellowOnline1, who highlighted a LinkedIn post from Underdark AI discussing the discovery. According to Underdark AI, a user named Machine1337 posted on a reputable black market forum, offering to sell 89 million Steam account details for $5,000. The seller claims this is a “fresh” leak and says it includes usernames, passwords, two-factor SMS logs, message contents, metadata, delivery status, and other sensitive details.
How did the leak occur in the first place?
Despite circulating on social media for a few days, people still aren't sure where the leak originated. The first assumption, of course, was Valve itself, but later updates suggested that it wasn't a direct breach of Steam, but rather a vendor Valve may have worked with at some point.
Deals season is here folks, and with it comes huge savings on some of the market's most popular hardware. Below, we be listing today's best PC hardware deals, including GPUs, CPUs, motherboards, gaming PCs, and more.
- ASUS TUF NVIDIA RTX 5080 Was $1599 Now $1349
- ASUS TUF RTX 5070 Ti Was $999 Now $849
- ASUS TUF ROG Strix XG27ACS Was $349 Now $329
- TCL 43S250R Roku TV 2023 Was $279 Now $199
- Thermaltake LCGS Gaming PC Was $1,799 Now $1,599
- Samsung Odyssey G9 (G95C) Was $1,299 Now $1,000
- Alienware AW3423DWF Was $699 Now $549
- Samsung 77-inch OLED S95F Was $4,297 Now $3,497
- ASUS ROG Strix G16 Was $1,499 Now $1,350
*Prices and savings subject to change. Click through to get the current prices.
This brought Twilio into the spotlight, with claims that it handled Steam's two-factor authentication systems and that the leak stemmed from its infrastructure. However, Valve reportedly reached out to MellowOnline1 and stated that it has never used Twilio.
So, at the time of writing, the internet is still trying to figure out who is actually responsible for the supposed breach. Interestingly, user MellowOnline1 also mentions that the site selling these datasets resembles others like Mipped, which the group Sentinels of the Store, known for pushing Valve to clean up shady practices on Steam, have been warning about for years. Despite these warnings, Valve was slow to take action.
For now, we recommend that Steam users stay on high alert for phishing scams, as hackers often resort to these tactics to target accounts they couldn't access through the breach. As a precaution, change your Steam password and avoid using SMS verification until the situation becomes clearer. The safest option is to enable Steam Guard, which uses the Steam mobile app to generate 2FA codes instead of relying on SMS.
About the Author