Update (as on May 15): Valve posted on the Steam Community after examining the leaked data that the systems haven’t suffered a breach. The sample data contained codes that were valid for 15 minutes and the phone numbers. And as a result, users don’t need to change your passwords. Twilio also responded that there’s no evidence to suggest they were breached.
Steam has long been seen as the ultimate gaming platform, enjoying massive popularity and a reputation that goes beyond just games. It’s also known for its strong security measures, giving users solid control over their accounts. However, that streak of tight security took a hit recently, with reports emerging of a huge data breach that could have exposed millions of accounts.
A LinkedIn post from Underdark AI revealed that more than 89 million Steam accounts, along with their 2FA codes and details like Messages, Delivery status, Metadata, and Routing costs, might have been compromised. The leak was initially spotted by an X user named MellowOnline1. The threat actor behind the breach reportedly posted the data on the dark web and is demanding $5,000 for it.
They also shared a link to sample data along with references to internal vendor information. Underdark AI later updated their post to say the leaked 2FA codes were routed through Twilio. However, a Valve representative contacted the X user, clarifying that Steam doesn’t use Twilio.
So far, there’s no confirmation that the breach actually happened. What do you think about these reports? Do you believe the Steam data breach is real? Share your thoughts in the comments below.
