89 million Steam accounts at risk from hackers — enable this security feature to protect your account now

Tom's Guide, 14-05-2025

If you're like me and have been buying the best PC games on Steam digitally for the past 20 years, you might want to change your password, as a hacker is currently selling millions of account details on the dark web.
A hacker, who goes by the handles Machine1337 and EnergyWeapon user online, recently made a post on a dark web forum in an attempt to sell over 89 million Steam user records. All of this leaked data, including one-time access codes, can be had for the low price of just $5,000.
After examining the leaked files, which comprise 3,000 records, BleepingComputer found historic SMS messages with one-time passcodes and phone numbers for accounts on the digital distribution platform. In a post on X, independent games journalist Mellow_Online1 provided further details, explaining that it's likely that Steam itself didn't suffer a data breach and that, instead, an external service used by Valve for the platform was targeted.
Here's everything you need to know about these stolen account details, along with some steps you can take to protect your own Steam account from hackers.
With over 120 million monthly active users, Steam is the world's largest digital distribution platform for PC games, and given that it has been selling them for 20 years now, chances are that most PC gamers have a fairly large game library associated with their accounts.
By analyzing the samples of the stolen data, Mellow_Online1 believes that the one-time access codes come from Twilio and that an admin account may have been compromised or that the service's API keys are being abused. However, when BleepingComputer reached out to Twilio, a company spokesperson explained that it is investigating the situation, though so far, it has found no evidence that its services were breached.
Another possible explanation for the leak is that these one-time codes could come from a mobile carrier. However, at this time, BleepingComputer has not been able to determine if this is the case or which provider might have been hacked.
This leak, and all of this Steam account data being sold on the dark web, is concerning, especially given that some of the data is relatively new, with leaked one-time passcodes dating back to March of this year.
If you're worried about your Steam account being hacked and losing access to the games you've purchased on the platform, the first and most important thing you should do is to enable Steam Guard.
For those unfamiliar with this security feature, it works just like two-factor authentication (2FA) on other sites to help prevent unauthorized access to your account. Setting it up is relatively easy, too, and once that's done, it acts as an extra layer of security for your Steam account.
To set up Steam Guard, you first need to verify your email address by going to Settings and then Verify Email Address. Following the prompts within Steam will lead to a confirmation email being sent to your inbox. Once you've verified your email, you will need to restart Steam twice, after which time, Steam Guard will automatically enable itself.
If it doesn't, though, you can manually enable it by going to Steam, Settings, Account and then clicking on Manage Steam Guard Account Security. Within this menu, you will want to toggle on the option to 'Protect my account with Steam Guard' and then click next.
It's worth noting that if you already have Steam Guard enabled, your account is likely safe. If not, you're going to want to reset your password. Given how much you've likely spent on Steam games over the years, you're going to want to pick a strong and complex password to protect your account. You can also use one of the best password managers to do this for you if you have trouble coming up with passwords on your own.
To keep your gaming PC and other accounts safe from hackers, you should also consider using one of the best antivirus software suites if you aren't doing so already.
As a big Steam user, I'll keep a close eye on this story and update this piece if there's any news regarding these account details being sold on the dark web.



