May 14, 2025 at 2:55pm PDT Valve has issued a statement to PCGamesN acknowledging the data breach but claims that it shouldn't impact the safety of your Steam . You can read the full statement further down this article.
Around 89 million Steam details have seemingly been obtained and put up for sale on the dark web, with the seller reportedly asking for thousands of dollars for the entire database.
In gaming circles, there have been some pretty notorious data leaks and breaches over the years. There's Sony's infamous 'PSN Hack' from 2011. There have been high-profile breaches of information from companies like Insomniac and Capcom. I when the ESA, the association that ran E3 every year, accidentally leaked a bunch of gaming journalists' personal information. But this alleged breach of Steam data could be one of the biggest ever.
Reportedly affecting millions of Steam s, this database apparently contains records, details like phone numbers, two-factor SMS message logs, and one-time access codes. This is all according to Underdark, a cyber threat security company that originally spotted a post on a dark web forum looking for a buyer for the data. The price? Reportedly, it's $5,000.
Underdark also claims that, due to the nature of the information in the database, the source of this data is likely a third-party vendor or service provider rather than Steam itself. Initially, it claimed that this was Twilio, a cloud communications platform that offers SMS 2FA services, but according to independent journalist 'Mellow_Online1' on X, a Valve representative told them that the company does not use Twilio as a service provider.
Given the alleged scope of this breach, I'd definitely encourage anyone reading this with a Steam to take some precautionary measures.
One of the quickest and easiest things you can do is to log yourself out of all sessions on all devices and change your . You should absolutely set up two-factor email authentication as well, if you haven't already done so. You should also only use authentication codes sent to you at the moment you requested them.
In a statement sent to PCGamesN, Valve has now acknowledged the data breach, but says that it only includes old SMS text messages that contained one-time authentication codes that expire after 15 minutes. It also assures that there is no major threat to your security.
"Yesterday we were made aware of reports of leaks of older text messages that had previously been sent to Steam customers," Valve's statement reads. "We have examined the leak sample and have determined this was NOT a breach of Steam systems. We're still digging into the source of the leak, which is compounded by the fact that any SMS messages are unencrypted in transit, and routed through multiple providers on the way to your phone.
"The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam , information, payment information or other personal data. Old text messages cannot be used to breach the security of your Steam , and whenever a code is used to change your Steam email or using SMS, you will receive a confirmation via email and/or Steam secure messages.
"From a Steam perspective, customers do not need to change their s or phone numbers as a result of this event. It is a good reminder to treat any security messages that you have not explicitly requested as suspicious. We recommend regularly checking your Steam security at any time. We also recommend Steam s set up the Steam Mobile Authenticator if they haven't already, as it gives us the best way to send secure messages about their and that 's safety."