A reported data leak involving 89 million Steam accounts has sent shockwaves through the gaming community, raising serious concerns about user privacy and third-party security. The breach surfaced when cybersecurity firm Underdark flagged a dark web listing by a vendor named Machine1337, offering the stolen database for $5,000.
The dataset allegedly contains sensitive metadata, including phone numbers and expired one-time SMS codes, which could be exploited in phishing or social engineering attacks. Notably, over 30 million users were online on Steam at the time the breach became public, underscoring the potential impact.
ALso Read: Microsoft Bans DeepSeek App for Employees Over Data Security Concerns
In response, Valve swiftly issued a statement denying any compromise of its systems. “We have examined the leak sample and have determined this was NOT a breach of Steam systems,” the company confirmed. Instead, the leak appears to have originated from an external SMS provider previously used for two-factor authentication.
While the leaked codes are outdated and passwords or payment data were not affected, cybersecurity experts are urging users to take precautions. They recommend switching to Steam’s mobile authenticator, changing passwords, and monitoring for suspicious account activity.
The incident serves as a stark reminder of the vulnerabilities associated with third-party services and the importance of proactive digital hygiene.
