Valve refutes data breach reports; user passwords remain secure

Last night, a news about a third-party vendor potentially linked to Valve suffering a data breach was aired, urging users to change their passwords and 2FA.

The breach reportedly exposed the credentials of over 89 million Steam users, including their usernames, passwords, 2FA SMS logs, messages, and metadata. The breach was highlighted by Mellow_Online1 via a LinkedIn post from Underdark AI, and allegedly stems from a hacker known as Machine1337.

However, Valve cleared the confusion, stating that the leak involved older SMS messages containing expired one-time codes and the phone numbers they were sent to, but did not include Steam account passwords, user IDs, or payment information.

They ensured that the data is not linked to specific Steam accounts, and the codes were only valid for 15 minutes, thus no action is required regarding password or phone number changes.

You can read Valve's official statement here.