Steam data leak row: Rumors about 89 million affected false, officials address panic
Claims that Steam user records have been leaked and being sold on the dark web are likely false, according to cyber experts
Recent claims about 89 million Steam user records being sold on the dark web are likely false, experts say. Social media posts sparked panic this week, alleging Steam login details were available for $5,000. However, investigations suggest no actual breach occurred.
How did the rumors begin for Steam?
The rumors began when a LinkedIn post by Underdark.ai, shared by games journalist MellowOnline1 on X (formerly Twitter), claimed a hacker named “Machine1337” was selling the data. The leak supposedly included SMS codes and phone numbers tied to Steam accounts. MellowOnline1 speculated the breach came from Twilio, a company providing two-factor authentication (2FA) services for apps like Steam.
ALSO READ | What is American Bitcoin, the latest addition to Trump's expanding crypto empire?
Twilio denied involvement, telling Bleeping Computer no breach occurred. Valve, Steam’s parent company, also clarified it doesn’t use Twilio for authentication. Researchers couldn’t verify the hacker’s claims or the data’s source, raising doubts about its legitimacy.
What should Steam users do?
While the threat appears exaggerated, users should still secure their accounts. Enable Steam Guard Mobile Authenticator, Valve’s official 2FA tool, which adds extra login protection. Change your password regularly—found under “Settings” or “Preferences”—and avoid reusing passwords elsewhere.
Stay alert for phishing attempts. Scammers often exploit fear around leaks by sending fake “Steam Support” messages. Never share login codes or personal info via email or links.
Valve hasn’t issued an official breach alert, reinforcing the likelihood this is a false alarm. However, cybersecurity experts stress proactive measures are always wise. If you’ve reused your Steam password on other sites, update those immediately.
ALSO READ | Is Charmander getting a new evolution? Pokémon fans divided as Gen 10 buzz builds
Short, simple steps can prevent most hacking attempts. Check your account’s login history for suspicious activity and revoke access to unknown devices. For now, stay calm—but stay cautious.
