Steam is a pretty secure platform for the most part, but it’s certainly not immune to cybersecurity threats by any measure, and a new report proves just that, as it’s now being stated that there has been a leak of Steam account data for around 89 million users worldwide. While Valve is no doubt investigating this issue and has been since it was discovered, it’s highly recommended that users change their passwords right away, if at all possible. If it isn’t already enabled, it’s also highly recommended that users enable Steam’s two-factor authentication.
Now, it’s worth noting that none of this is required. Valve hasn’t yet confirmed any information about the data breach on its end. It’s also worth noting that there are a few details that may point to this being overblown. In other words, not as big of a risk as people are making it out to be. Even if that is the case, though, it’s better to be safe. And the safe thing to do is to change your password and enable 2FA if it hasn’t already been done. Any pushback in this regard doesn’t make much sense. Why? Because not doing these things is a risk, and is that a risk you really want to take? Think of all those hours invested in game time. All that potential money in your Steam Wallet. Then imagine losing it all because you didn’t think a password change was necessary.
A direct source for the Steam account data leak hasn’t been identified yet
So far, it doesn’t look like a direct source for the leak has been identified. The leak was first mentioned in a “dark web forum” where the alleged threat actor says they had access to the data of 89+ million Steam accounts. The threat actor is reportedly trying to sell this data for $5,000, as noted by Underdark.ai on LinkedIn. Underdark’s post was spotted by a user on X named MellowOnline1, who also recommends changing your password and enabling 2FA.
MellowOnline1 has a fairly extensive thread going on the breach, stating that they were contacted by Valve and told that Valve doesn’t use Twilio, a service initially thought to be the breach source. However, with Valve’s statement, that doesn’t seem to be the case.
Passwords and other sensitive data may not be at risk directly
Several users in the comments both on LinkedIn and on X have pointed out that there are some red flags which suggest this is little more than smoke. “If this is indeed a valid leak, why is it in the SPAM subforum? This seems odd,” writes Christopher Kunz on LinkedIn.
So far, there has also been no indication that any information was truly obtained or that it’s been sold. With that in mind, there is indeed a chance that a data leak didn’t happen at all. Valve doesn’t appear to have sent out any emails acknowledging the leak or that users may be at risk.
Nevertheless, there may still be a risk even if the password information wasn’t obtained. If a data leak did happen and the only information obtained was email addresses and names, this information could be used to phish for more useful information. So, at the very least, it’s important for users to stay vigilant and keep an eye out for suspicious emails. All of that aside, we still recommend that users avoid unnecessary risks and change their passwords anyway, seeing as changing your password doesn’t really have a downside other than a minor inconvenience to log back into your accounts.
