Home > News

Valve provides update to Steam account details leak, confirms no breach

Valve confirms user data is not at risk from leak
Rebecca Hills-Duty
Last Updated on
Valve provides update to Steam account details leak, confirms no breach
PC Guide is reader-supported. When you buy through links on our site, we may earn an affiliate commission. Read More

Table of Contents

Many Steam users were alarmed to discover that a breach apparently managed to get away with the details of over 89 million users. However, many were left confused as to how the breach had occurred. Valve has now confirmed that “this was NOT a breach of Steam systems” and customer details are safe.

Valve announced on its official Steam Support page that no breach of Steam systems had occurred. There was a leak of some older text messages that contained a few one-time codes for two-factor authentication. However, these messages did not contain any user or password data, only the alphanumeric string, which was only valid for 15 minutes from the time it was sent.

No need to change your password, after all

You do not need to change your passwords or phone numbers as a result of this event. It is a good reminder to treat any account security messages that you have not explicitly requested as suspicious. We recommend regularly checking your Steam account security at any time at

https://store.steampowered.com/account/authorizeddevices

Source: Steam

This does leave the tangled question of how the original report managed to get so far from the truth. Enough that thousands of Steam users rushed to change passwords.

The initial report appears to originate from a LinkedIn post, in which the ‘Underdark' AI bot discusses the discovery of a dataset being offered for sale on a dark web forum. Some analysts expressed skepticism as the dataset was being offered for only $5,000, a paltry amount if the data did in fact contain valuable information such as usernames, passwords, and payment data.

It seems that the Underdark LLM bot extrapolated from incomplete information and made some fairly significant errors in doing so. The post said that the data contained: “The data includes message contents, delivery status, metadata, and routing costs — suggesting backend access to a vendor dashboard or API, not Steam directly.” A claim that is now said to be inaccurate.

Valve says that player data is in no danger from this leak, but encourages those concerned to set up a Steam Mobile authenticator for extra security.

432
Gaming PC & Nintendo Switch 2

Why would you get a Nintendo Switch 2 if you’re a PC gamer?

About the Author

Rebecca Hills-Duty

Writing and journalism experience at VRFocus, UploadVR, The Escapist, HTC, PC Gamer, Tech Radar+ and Dexerto. Can sometimes be found playing with retro tech.