Valve Confirms No Security Breach on Steam: No Need to Change Your Password

Steam Leak Investigation: Update on SMS Message Exposure

Our investigation into the recent leak has concluded that it is not a result of any breach within Steam’s systems. We are actively exploring the origin of the leak, which is exacerbated by the nature of SMS messaging; specifically, these messages are transmitted unencrypted and traverse various providers before reaching users’ devices.

Details of the Leak

The leaked information comprises older text messages that contained one-time codes. These codes were only active for a limited duration of 15 minutes, along with the associated phone numbers to which they were sent. Importantly, this data does not connect phone numbers to Steam accounts, nor does it reveal any passwords, payment details, or other sensitive personal information. Consequently, these outdated SMS messages cannot compromise the security of your Steam account. Furthermore, users will receive an email or Steam secure message confirming any changes to their email address or password initiated with these codes.

No Action Required by Users

As a result of this incident, there is no need for users to change their passwords or phone numbers. This situation serves as a beneficial reminder to remain vigilant regarding unsolicited account security notifications. We strongly advise users to regularly assess their Steam account security, which can be done conveniently at this link.

Enhancing Account Security with Steam Mobile Authenticator

For added security, we recommend that users activate the Steam Mobile Authenticator if they haven’t already. This tool provides the most effective means for us to communicate securely about your account and ensure its safety.

Context of the Leak

The alert regarding this leak emerged when an individual identified as Machine1337, or EnergyWeapon, began promoting the sale of user records related to Valve’s platforms on the dark web. Although the individual purportedly sought $5, 000 for this data, Valve asserts that the leaked information poses no risk of malicious exploitation.

Source & Images