Latest news with #Machine1337
CBC
15-05-2025
- Business
- CBC
Were Steam user records leaked? Here's what you need to know
Social Sharing Claims of a data breach at popular gaming platform Steam, resulting in more than 89 million user records being offered up for sale on the dark web, have been circulating since Saturday. But Valve, the company that owns Steam, says the platform's systems have not been breached. It all started with a LinkedIn post on May 10 by which describes itself as a company offering "cyber threat intelligence services." The post alleged that a "threat actor" called Machine1337 posted on a dark web forum saying they had breached Steam systems, offering up more than 89 million user records for the price of $5,000 US. In an emailed statement to CBC News, Valve spokesperson Kaci Aitchison Boyle said the company was "made aware" of reports that text messages to Steam users had been leaked. She said after an examination of the leak sample, Valve was able to confirm the leak was not a result of a breach of Steam systems. "The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to," the statement said. In the statement, Aitchison Boyle said Valve is still looking into the source of the leak, adding it's complicated by SMS messages being "unencrypted in transit" and "routed through multiple providers" before it gets to a user's phone. "The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data," Valve's statement said. "Whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages." In an update to its original LinkedIn post, claimed it was able to confirm through a sample of the dataset provided by the data seller that the leaked data contained "real-time 2FA SMS logs routed via Twilio." Twilio, a platform used by businesses to engage with their customers through text, email, chat and video, said in an emailed statement to CBC that it was able to confirm that the leaked data did not come from them. "There is no evidence to suggest that Twilio was breached. We have reviewed a sampling of the data found online, and see no indication that this data was obtained from Twilio," the statement said. Valve's statement said users don't need to change their passwords or phone numbers, but reminded users to be suspicious of any account security messages they didn't explicitly request. Valve added that Steam users should regularly check their account security and to set up Steam Mobile Authenticator to be sent secure messages about their account safety.
Time of India
15-05-2025
- Time of India
"NOT a breach of Steam systems" - Steam dismisses reports of data leak as fake
Image via Valve. A few days ago, an alleged data breach pointed many fingers towards Steam. However, this highly popular PC gaming platform has debunked all the possibilities of date leaks. According to the initial reports, over 89 million Steam accounts were compromised. But after Steam's assurance, it doesn't seem to be a concern anymore. Despite the abundance of Epic Games Store, GOG, Xbox Store for Windows, and many others, Steam remains the most popular PC gaming platform. Besides being popular, this platform is hugely secure as well. That is why the initial claims of a potential data leak comes out to be false. Steam debunks any possibility of a potential data breach The data breach report is actually false. | Image via Valve. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like AI guru Andrew Ng recommends: Read These 5 Books And Turn Your Life Around in 2025 Blinkist: Andrew Ng's Reading List Undo It all started when a well-known surgical threat intelligence company named Underdark AI shared about a potential threat regarding a data breach on Steam. The company posted on LinkedIn that a hacker named Machine1337 claimed on a popular dark web forum that he has breached datasets of over 89 million user accounts of Steam. These details consist of SMS message logs, user records, phone numbers, and one-time access codes, among other things. He even went on to sell those data for $5,000. The hacker also provided a Telegram contact for purchasing those datasets, a link of sample data hosted on Gofile. The dark web post also contained the internal vendor data as well, citing graver security concerns. However, there is nothing to worry about this report as Steam has dismissed any possibility of a potential data leak stating , 'this was NOT a breach of Steam systems.' The company clarified that previous text messages containing two-factor authentication codes were the source of the leak. Nevertheless, the codes were restricted to the phone numbers that requested them and were only valid for 15 minutes at a time. Since none of the phone numbers in the leak were linked to personal information or Steam account information, they cannot be used to try to compromise Steam's systems. Steam also stated that there is no need for changing passwords or phone numbers due to this report. However, the company has advised to keep a closer look at any account security messages and recommends its users to regularly check Steam account security from here. Players are also advised to sign up for the Steam Mobile Authenticator as it includes a 2-factor-authentication named Steam Guard which prevents potential data breaches. Read More: Why is Schedule 1 removed from Steam in Australia Get IPL 2025 match schedules , squads , points table , and live scores for CSK , MI , RCB , KKR , SRH , LSG , DC , GT , PBKS , and RR . Check the latest IPL Orange Cap and Purple Cap standings.
Hindustan Times
14-05-2025
- Hindustan Times
Steam data leak row: Rumors about 89 million affected false, officials address panic
Recent claims about 89 million Steam user records being sold on the dark web are likely false, experts say. Social media posts sparked panic this week, alleging Steam login details were available for $5,000. However, investigations suggest no actual breach occurred. The rumors began when a LinkedIn post by shared by games journalist MellowOnline1 on X (formerly Twitter), claimed a hacker named 'Machine1337' was selling the data. The leak supposedly included SMS codes and phone numbers tied to Steam accounts. MellowOnline1 speculated the breach came from Twilio, a company providing two-factor authentication (2FA) services for apps like Steam. ALSO READ | What is American Bitcoin, the latest addition to Trump's expanding crypto empire? Twilio denied involvement, telling Bleeping Computer no breach occurred. Valve, Steam's parent company, also clarified it doesn't use Twilio for authentication. Researchers couldn't verify the hacker's claims or the data's source, raising doubts about its legitimacy. While the threat appears exaggerated, users should still secure their accounts. Enable Steam Guard Mobile Authenticator, Valve's official 2FA tool, which adds extra login protection. Change your password regularly—found under 'Settings' or 'Preferences'—and avoid reusing passwords elsewhere. Stay alert for phishing attempts. Scammers often exploit fear around leaks by sending fake 'Steam Support' messages. Never share login codes or personal info via email or links. Valve hasn't issued an official breach alert, reinforcing the likelihood this is a false alarm. However, cybersecurity experts stress proactive measures are always wise. If you've reused your Steam password on other sites, update those immediately. ALSO READ | Is Charmander getting a new evolution? Pokémon fans divided as Gen 10 buzz builds Short, simple steps can prevent most hacking attempts. Check your account's login history for suspicious activity and revoke access to unknown devices. For now, stay calm—but stay cautious.
Time of India
14-05-2025
- Time of India
89 million Steam account details may be stolen as hackers list them for sale, report claims
Steam users are being advised to consider changing their passwords. A report has indicated that hackers may have leaked the details of 89 million Steam accounts, which are now up for sale on the dark web. If this report is accurate, a large number of user accounts could be at risk. Compromised accounts may even lead to users losing access to their collection of PC games. The information about the potential sale comes from a LinkedIn post by Underdark AI. Underdark AI referenced a post on a black market forum by a user named Machine1337. This post is allegedly offering 89 million Steam account details for $5,000. If these details are obtained, accounts without two-factor authentication or those with unchanged passwords could be accessed. Additionally, the information could be used to send phishing messages. The potential situation was noted in a post shared on the social media platform X (earlier Twitter) by the user MellowOnline1. In the X post, the user shared details about the alleged Steam data breach and advised users on how to keep their accounts safe. The user wrote: 'Yesterday, an alleged major @Steam data breach occurred, compromising over 89 million user records (roughly two-thirds of all Steam accounts). These datasets are being sold for over $5,000 on what appears to be a site akin to Mipped. Mipped alongside their sister sites is a forum site we at @SteamSentinels have warned Steam about for years for instances of developer blackmailing, review manipulation, greenlight boosting, and other dodgy activities, but as of yet, Steam hasn't tried to take action against the site. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like Live Comfortably: 60 m² Prefab Bungalow for Seniors in Volytsia Pre Fabricated Homes | Search Ads Search Now Undo This inaction has ultimately led to the selling of tens of millions of user account details. ✅ Enable two-factor authentication ✅ Monitor your email for suspicious activity ✅ Change your Steam password (and others, if reused) ✅ Beware of phishing attempts disguised as game promotions or support messages ✅ Join Sentinels of the Store to stay in the know!' In the same thread, the user also noted: 'An update suggests that the alleged Steam data breach is not a direct breach of Steam itself, but rather a supply chain compromise — meaning an external service that Steam relies on was targeted. Here's what we understand from this update: New evidence confirms some real data is involved: A sample of the leaked data includes real-time SMS logs, which are used in two-factor authentication (2FA). Twilio is the vendor named: Twilio is a company that provides communication services, like sending 2FA codes via SMS. Steam uses (or used) Twilio for this. Leaked info includes: Message contents (e.g., the 2FA codes) Delivery status (e.g., sent, delivered, failed) Metadata (timestamps, recipient numbers, etc.) Routing costs (how much it costs to send each message) The implication means that the alleged Mipped seller has backend access to Twilio: The nature of the data suggests the attackers had access to Twilio's systems, likely through a compromised Twilio user account or API key or direct access to Twilio's backend dashboard. Not a direct hack of Steam itself: Steam's internal servers or databases don't appear to be breached. But because they rely on Twilio for sending 2FA codes, this affects their users too. Why it's dangerous: Phishing: Hackers could use the info to send fake but convincing messages to users. Session hijacking: If attackers can intercept or replay 2FA codes, they might bypass login protection.' AI Masterclass for Students. Upskill Young Ones Today!– Join Now
