Over 89 Million Steam Accounts Impacted in Alleged Data Breach
Valve's popular PC gaming store has been left reeling after allegations emerged that it was the victim of a massive data breach, affecting an estimated 89 million user accounts.
The breach is believed to have occurred through Twilio, a third-party service that Steam uses to send two-factor authentication (2FA) codes via SMS. Hackers are reportedly selling the compromised records on a dark web forum for just $5,000 (approximately C$6,992), sparking widespread concern among gamers.
Independent games journalist @MellowOnline1 brought attention to the hackers' post, sharing it on X (formerly Twitter) in a bid to warn Steam users. In a subsequent tweet, they clarified that the breach was not a direct attack on Steam itself, but rather on an external service that the platform relies on for 2FA.
A sample of the leaked data obtained by @MellowOnline1 includes real-time SMS logs, message content (such as 2FA codes), delivery status, routing costs, and metadata like timestamps, recipient numbers, and more. This suggests that hackers had access to Twilio's systems, but it remains unclear whether this is a new breach or an older incident.
While Steam itself appears to have been spared from the attack, users are still at risk due to the compromised data. The leak could lead to phishing attacks where hackers send convincing messages to users, potentially bypassing login protections through session hijacking.
A Growing Concern: Twilio's Data Breach History
Twilio is not new to controversy when it comes to security breaches. In July 2024, the company suffered a breach of its own systems, while its parent company SendGrid was hacked last month. However, there has been no official confirmation from Twilio regarding another breach, leaving some to wonder if this Steam data may stem from an older incident.
Protect Yourself: Steps You Can Take
In light of this alarming development, Steam users are advised to take immediate action to protect themselves. The first step should be to change your Steam password to prevent any potential unauthorized access. It would also be wise to explore alternative 2FA methods that avoid using Twilio, such as Steam Guard.
Steam Guard requires installing the Steam app on a smartphone to access 2FA codes, rather than receiving them via SMS. This option provides an added layer of security and peace of mind for users. By taking these steps, you can significantly reduce your risk of falling victim to phishing scams or session hijacking.
Stay Vigilant: The Importance of Online Security
This alleged data breach highlights the importance of online security in today's digital landscape. With threats like phishing attacks and session hijacking on the rise, it's crucial for users to remain vigilant and proactive in protecting their personal data.