Valve has firmly refuted recent reports suggesting a "major" data breach on its Steam platform, assuring users that there was "NOT a breach" of Steam systems.
Despite concerns raised by reports of over 89 million user records being compromised, Valve's investigation revealed that the leak involved only "older text messages." These messages contained one-time code SMSs, which did not include any personal data.
In a statement released on Steam, Valve clarified that after analyzing the leaked sample, it confirmed that no customer data was compromised. The statement detailed, "The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information, or other personal data."
Valve further reassured users, stating, "Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages."
While addressing the leak, Valve encouraged users to enhance their account security by setting up the Steam Mobile Authenticator, which they described as "the best way to send secure messages about your account and your account's safety."
The concern over data breaches is understandable, especially given the large number of Steam users—over 89 million. The gaming community remains vigilant, recalling the infamous 2011 breach of PlayStation 3 and PlayStation Portable networks, which led to a nearly month-long outage and compromised 77 million accounts.
Moreover, recent incidents highlight the ongoing threat to the gaming industry. In October of the previous year, Pokémon developer Game Freak experienced a significant hack, leaking data about its staff and development pipeline. In 2023, Sony confirmed breaches affecting nearly 7,000 current and former employees, and in December 2023, hackers accessed confidential data at Marvel's Spider-Man developer, Insomniac. These events underscore the importance of robust security measures in protecting both user and corporate data.
