Gaming giant Valve recently addressed concerns about leaked user information, assuring its vast user base that no Steam passwords or private account details were compromised amidst an alleged data breach. The company stated emphatically that the alleged breach originated from a different source and does not involve sensitive information associated with any Steam account.
The issue surfaced when it was reported that older text messages sent to Steam users had ostensibly been leaked and were being distributed on clandestine online platforms. However, Valve was quick to clarify that upon review of the purported leak sample, it was determined categorically that there was no breach of Steam systems.
Security firm Underdark initially publicized the supposed leaks, alleging that information tied to close to 89 million Steam accounts was being traded on the dark web. As it turns out, the leak did not come from Steam, but rather from an SMS service that sends temporary two-factor login codes. Valve confirmed that while phone numbers might have been subject to the leak, there was no information linked to any Steam account, including the association of these numbers to particular accounts, involved in the reported leak.
Steam users can breathe a sigh of relief due to the confirmation that their passwords remain secure and they need not take any corrective measures as a result of this potential security scare. Valve committed to continuing its inquest into the heart of the matter to uncover the origin of the compromised data.
While no immediate change or concern is needed for users, Valve is recommending its user base opts for the Steam Mobile Authenticator as an additional security upgrade. This feature provides a more secure manner of account authentication as compared to the traditional SMS authorization system.
Valve, in a full statement, re-emphasized user securety. The company stated that it had learned of reports of leaks of older text messages previously sent to Steam users. However, after scrutinizing the purported leak, it was clear that there had not been a breach of Steam’s systems.
Valve further elaborated that they are digging into the roots of the leak issue. They also acknowledged that the nature of SMS messages being unencrypted and going through various providers on their journey to users’ phones makes this task more cumbersome.
The leaked data, which consisted of old texts encompassing one-off codes and the phone numbers they were sent to, often had a short valid lifespan of just 15 minutes. The breach did not associate phone numbers with any Steam account, nor did it betray any password, payment, or personal data.
The company ended by advising its users that there is no necessity to alter their passwords or phone numbers due to this event. However, this situation underscores the importance of treating any unexpected account security messages with skepticism. Valve also endorses a regular check of each user’s Steam account security and encourages the use of the Steam Mobile Authenticator for enhanced account safety.
Leave a Reply