Steam Leak Scare Explained: No Breach, But Old Data Resurfaces
Over the past few days, reports of a massive Steam data leak caused panic among gamers. A dark web post by a known cybercriminal, EnergyWeaponUser, claimed to offer a database with 89 million user records, including phone numbers and old one-time passcodes used for Steam’s two-factor authentication. The data was listed for $5,000, raising fears of a major breach at Valve.
But here’s the truth: Steam itself wasn’t hacked. Valve has confirmed that the platform remains secure. The leaked information appears to come from older SMS messages sent to Steam users—messages that contained expired codes and phone numbers. Crucially, these phone numbers can’t be directly tied to specific accounts, making the data much less useful to attackers.
So where did the data come from? One theory pointed to Twilio, a cloud communications company that handles SMS services for many businesses. But Twilio says it investigated and found no signs of a breach. This has led some to suspect that a smaller, third-party SMS provider may have been compromised instead—though no specific source has been confirmed.
While the leak doesn’t pose an immediate threat, Valve is urging users to stay cautious. It’s a good time to turn on the Steam Guard Mobile Authenticator, double-check account activity, and update your password if you’re concerned.
In short: this isn’t a catastrophic breach, but it’s another reminder that even old data can resurface in unexpected ways. Stay safe, stay alert.
