Latest news with #SteamMobileAuthenticator
CNET
15-05-2025
- CNET
Steam Says There's No Need to Change Your Password After Data Breach. But Set Up This Safety Feature Anyway
Steam has denied that a reported data breach endangered its users' personal information. First reported by Underdark, a cybersecurity company, on LinkedIn, information for 89 million Steam accounts popped up for sale on the dark web, including text messages with validation codes and the phone numbers they were sent to. Steam, Valve's popular online gaming store and distribution platform, responded to the news last night with a statement saying, "We have examined the leak sample and have determined this was NOT a breach of Steam systems." The company said that the leaked data did not link the phone numbers with Steam accounts, passwords, payment information or other personal data. "Old text messages cannot be used to breach the security of your Steam account," the statement said. "Whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages." You do not need to change your passwords or phone numbers as a result of this event, but it's a good reminder to treat any account security messages that you haven't explicitly requested as suspicious. The origin of the breach has not yet been confirmed, and Valve did not immediately respond to CNET's request for comment. The data allegedly includes users' one-time passwords and phone numbers. The threat actor says it's auctioning off this information for $5,000. Steam said that users don't need to update their passwords, which CNET recommended in a previous version of this story. But it did recommend regularly checking your Steam account security. However, whenever you're worried about a security breach, changing your password is a smart move. If you have a Steam account, it doesn't hurt to change your password now to keep your game library -- and financial information -- secure. Here are some additional ways to protect your account. How to protect your Steam account Even if it may not be necessary, it doesn't hurt for Steam account holders to change their passwords. At the very least, this will help secure your account. If you want to take it a step further, you can use a password manager to create complex passwords and store them for you. Steam also recommended setting up the Steam Mobile Authenticator, which enables two-factor authentication with your phone number and email. 2FA is an easy step that will make it much more difficult for unauthorized users to access your account. Steam doesn't support the use of hardware security keys, which can offer another level of protection, so its in-house 2FA is going to be your best bet to protect your account. If you already have 2FA enabled, be sure to check your email for any suspicious activity linked to your Steam account. If you've recently received any one-time password text messages that you did not request, ignore them and change your password again. In the coming weeks, keep an eye out for any phishing attempts disguised as game product offers or other Steam-related content.
CNET
15-05-2025
- CNET
Update: Steam Says There's No Need to Change Your Password After Data Breach. But Set Up This Safety Feature Anyway
Steam has denied that a reported data breach endangered its users' personal information. First reported by Underdark, a cybersecurity company, on LinkedIn, information for 89 million Steam accounts popped up for sale on the dark web, including text messages with validation codes and the phone numbers they were sent to. Steam, Valve's popular online gaming store and distribution platform, responded to the news last night with a statement saying, "We have examined the leak sample and have determined this was NOT a breach of Steam systems." The company said that the leaked data did not link the phone numbers with Steam accounts, passwords, payment information or other personal data. "Old text messages cannot be used to breach the security of your Steam account," the statement said. "Whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages." You do not need to change your passwords or phone numbers as a result of this event, but it's a good reminder to treat any account security messages that you haven't explicitly requested as suspicious. The origin of the breach has not yet been confirmed, and Valve did not immediately respond to CNET's request for comment. The data allegedly includes users' one-time passwords and phone numbers. The threat actor says it's auctioning off this information for $5,000. Steam said that users don't need to update their passwords, which CNET recommended in a previous version of this story. But it did recommend regularly checking your Steam account security. However, whenever you're worried about a security breach, changing your password is a smart move. If you have a Steam account, it doesn't hurt to change your password now to keep your game library -- and financial information -- secure. Here are some additional ways to protect your account. How to protect your Steam account Even if it may not be necessary, it doesn't hurt for Steam account holders to change their passwords. At the very least, this will help secure your account. If you want to take it a step further, you can use a password manager to create complex passwords and store them for you. Steam also recommended setting up the Steam Mobile Authenticator, which enables two-factor authentication with your phone number and email. 2FA is an easy step that will make it much more difficult for unauthorized users to access your account. Steam doesn't support the use of hardware security keys, which can offer another level of protection, so its in-house 2FA is going to be your best bet to protect your account. If you already have 2FA enabled, be sure to check your email for any suspicious activity linked to your Steam account. If you've recently received any one-time password text messages that you did not request, ignore them and change your password again. In the coming weeks, keep an eye out for any phishing attempts disguised as game product offers or other Steam-related content.
Metro
15-05-2025
- Metro
Valve confirms Steam data leak but denies it's a serious problem
Steam users are in a panic about a supposed data breach, but according to Valve nothing significant has actually happened. Data breaches at big companies are hardly a rarity, in the video game world or elsewhere, so when talk of a 'massive' breach at Steam started to appear online it wasn't necessarily that surprising. Warnings spread that customers should immediately change their passwords, phone numbers, and payment details, with reports that personal data had been stolen by hackers. However, according to Steam owner Valve, the whole story is overblown and only 'older text messages' have been accessed, that are no help in breaking into Steam accounts. As such, they insist that this is 'NOT a breach of Steam systems' and nothing is at risk. The rumours of a breach started with a LinkedIn post which, for some reason, everyone decided to believe, even though the talk of a 'dark web forum' and the hacker demanding only $5,000 (£3,700) for '89 million user records' sounded extremely made-up. Valve's explanation of the situation is confusingly written but it does seem to confirm that text messages were acquired illegally, even if they're of no use to anyone. The breach was supposedly achieved by getting access to two-factor authentication SMS logs, but as Valve points out those messages are only good for 15 minutes and according to them all the ones that have been leaked are old. 'We're still digging into the source of the leak, which is compounded by the fact that any SMS messages are unencrypted in transit and routed through multiple providers on the way to your phone,' reads the statement on Steam. 'The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data. Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages.' Importantly, they insist that: 'You do not need to change your passwords or phone numbers as a result of this event.' Given the extreme bad publicity that would result if Valve were found to be underplaying the leak there doesn't seem any reason not to take their comments at face value, especially given the more absurd elements of the initial LinkedIn post. As they point out though, you should always treat any security messages you have not requested as extremely suspicious. They also recommend the Steam Mobile Authenticator app for added security. Email gamecentral@ leave a comment below, follow us on Twitter, and sign-up to our newsletter. To submit Inbox letters and Reader's Features more easily, without the need to send an email, just use our Submit Stuff page here. For more stories like this, check our Gaming page. MORE: Nintendo Switch 2 pre-orders back in stock at UK retailers with new bundles MORE: Over 75% of all PlayStation game sales are digital as physical sales plummet MORE: Iron Man game details leaked by EA as Marvel 1943: Rise Of Hydra delayed
Time of India
15-05-2025
- Time of India
"NOT a breach of Steam systems" - Steam dismisses reports of data leak as fake
Image via Valve. A few days ago, an alleged data breach pointed many fingers towards Steam. However, this highly popular PC gaming platform has debunked all the possibilities of date leaks. According to the initial reports, over 89 million Steam accounts were compromised. But after Steam's assurance, it doesn't seem to be a concern anymore. Despite the abundance of Epic Games Store, GOG, Xbox Store for Windows, and many others, Steam remains the most popular PC gaming platform. Besides being popular, this platform is hugely secure as well. That is why the initial claims of a potential data leak comes out to be false. Steam debunks any possibility of a potential data breach The data breach report is actually false. | Image via Valve. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like AI guru Andrew Ng recommends: Read These 5 Books And Turn Your Life Around in 2025 Blinkist: Andrew Ng's Reading List Undo It all started when a well-known surgical threat intelligence company named Underdark AI shared about a potential threat regarding a data breach on Steam. The company posted on LinkedIn that a hacker named Machine1337 claimed on a popular dark web forum that he has breached datasets of over 89 million user accounts of Steam. These details consist of SMS message logs, user records, phone numbers, and one-time access codes, among other things. He even went on to sell those data for $5,000. The hacker also provided a Telegram contact for purchasing those datasets, a link of sample data hosted on Gofile. The dark web post also contained the internal vendor data as well, citing graver security concerns. However, there is nothing to worry about this report as Steam has dismissed any possibility of a potential data leak stating , 'this was NOT a breach of Steam systems.' The company clarified that previous text messages containing two-factor authentication codes were the source of the leak. Nevertheless, the codes were restricted to the phone numbers that requested them and were only valid for 15 minutes at a time. Since none of the phone numbers in the leak were linked to personal information or Steam account information, they cannot be used to try to compromise Steam's systems. Steam also stated that there is no need for changing passwords or phone numbers due to this report. However, the company has advised to keep a closer look at any account security messages and recommends its users to regularly check Steam account security from here. Players are also advised to sign up for the Steam Mobile Authenticator as it includes a 2-factor-authentication named Steam Guard which prevents potential data breaches. Read More: Why is Schedule 1 removed from Steam in Australia Get IPL 2025 match schedules , squads , points table , and live scores for CSK , MI , RCB , KKR , SRH , LSG , DC , GT , PBKS , and RR . Check the latest IPL Orange Cap and Purple Cap standings.
Express Tribune
15-05-2025
- Express Tribune
Steam accounts leaked: 89 million accounts allegedly available on Dark Web
An alleged data leak involving 89 million Steam accounts has triggered a wave of concern among gamers. The breach first came to light via cybersecurity firm Underdark, which reported that a dark web vendor going by the alias Machine1337 had listed a database for sale at $5,000. The listing claimed to include phone numbers, one-time SMS authentication codes, and account metadata — potentially usable in phishing or social engineering attacks. Yesterday, an alleged major @Steam data breach occurred, compromising over 89 million user records (roughly two-thirds of all Steam accounts). These datasets are being sold for over $5,000 on what appears to be a site akin to Mipped. Mipped alongside their sister sites is a… — Mellow_Online1 (@MellowOnline1) May 11, 2025 However, Valve responded swiftly, stating the leaked data comprised obsolete SMS codes sent via an external communications provider and not through its own systems. 'We have examined the leak sample and have determined this was NOT a breach of Steam systems,' Valve said in a public statement. At the time of reporting, over 30 million users were concurrently online on Steam, underlining the scale of potential impact. While no passwords, payment data or account credentials were accessed, security experts have urged caution. The root of the leak appears to be an external SMS provider previously used to deliver two-factor authentication codes. Those codes, now expired, were likely scraped or acquired through third-party vulnerabilities rather than a direct breach of Steam. Despite Valve's assurance, cybersecurity researchers warn that even outdated information could be used in targeted phishing campaigns. They advise all Steam users to: Change their passwords to strong, unique ones Replace SMS-based 2FA with Steam Mobile Authenticator Review login history and account activity for suspicious behaviour Stay alert to phishing attempts mimicking Steam Support Users are also urged to ignore unsolicited SMS one-time passwords and avoid clicking on suspicious links, particularly in emails referencing game offers or security warnings. While Valve appears to have dodged a direct compromise, the incident highlights ongoing risks tied to third-party security lapses — and the need for users to stay vigilant.
