Valve Confirms: No Steam User Data Breach

Valve has firmly refuted recent reports suggesting that its Steam platform experienced a "major" data hack, emphasizing that there was "NOT a breach" of Steam's systems.

Despite concerns from some users about reports claiming over 89 million user records were compromised, Steam's investigation revealed that the leak involved only "older text messages." These messages contained one-time code SMSs but did not include any personal data.

In a statement posted on Steam, Valve detailed its findings after reviewing the leak sample. The company confirmed that customer data remained secure, stating: "The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information, or other personal data."

Valve further reassured users that "old text messages cannot be used to breach the security of your Steam account." They noted that any use of a code to change a Steam email or password via SMS triggers a confirmation sent via email and/or Steam secure messages.

Valve also took the opportunity to encourage players to enhance their account security by setting up the Steam Mobile Authenticator, which provides two-factor authentication. This method, they stated, is "the best way to send secure messages about your account and your account's safety."

Given the increasing frequency of data breaches and the fact that over 89 million users have Steam accounts, it's understandable that users were concerned about a potential security compromise. A notable example of a video game-related data breach occurred in 2011, when PlayStation 3 and PlayStation Portable networks were severely compromised, resulting in a nearly month-long outage and the compromise of 77 million accounts.

Moreover, it's not only customer data that's at risk. In October of the previous year, Pokémon developer Game Freak suffered a significant hack, leading to the leak of data about its former and current staff, as well as its development pipeline. In 2023, Sony confirmed that data belonging to nearly 7,000 current and former employees was compromised in two separate breaches. Additionally, in December 2023, hackers breached confidential data at Marvel's Spider-Man developer, Insomniac.