Valve has not yet confirmed the source of the breach, but we know for sure that about 89 million Steam accounts went on sale on the dark web.
Where was this event first announced? The cybersecurity company, called Underdark, was the first source who announce this serious incident on their LinkedIn account.
EnergyWeaponsUser, the entity responsible for the data breach, claims on a dark forum they are selling the stolen information in an auction, starting at a price of $5,000. BleepingComputer investigated the information and claims the data consists of “historic SMS text messages with one-time passcodes for Steam, including the recipient’s phone number”.
An independent games journalist, MellowOnline1, believes the source of the leak is a supply chain attack that Twilio suffered.
Twilio is a cloud communications platform that companies use for phone calls, video calls, and SMS messaging. It allows developers to use one-time passwords in the authentication process.
MellowOnline1 highlighted technical signs in the leaked data of real-time SMS activity originating from Twilio’s backend systems. This fuels speculations about compromised admin accounts or abuse of API keys.
However, Twilio denied the rumor in a statement for BleepingComputer. “There is no evidence to suggest that Twilio was breached. We have reviewed a sampling of the data found online, and see no indication that this data was obtained from Twilio.”, a company representative told the news outlet.
If you want to minimize the chances of losing your Steam personal data, you can activate two-step authentication. 2FA will significantly increase the security of your account against unauthorized access.
Subscribe to our newsletter
By activating this, you have the following options:
- password and SMS one-time code
- password and email code
- password and authentication app code
Be sure to constantly check suspicious activity on your Steam account.
Later Edit Update: Following an investigation, Steam officially denied any system breach in a recent statement responding to concerns.
The company clarified that the one-time codes, which have been leaked, are only usable for 15 minutes, and the messages in question were old. This means Steam accounts are not affected by the incident, and any kind of personal data is safe.
“You do not need to change your passwords or phone numbers as a result of this event. It is a good reminder to treat any account security messages that you have not explicitly requested as suspicious.”, recommended Steam.
MellowOnline1 highlighted technical signs in the leaked data of real-time SMS activity originating from Twilio’s backend systems. This fuels speculations about compromised admin accounts or abuse of API keys.
However, Twilio denied the rumor in a statement for BleepingComputer. “There is no evidence to suggest that Twilio was breached. We have reviewed a sampling of the data found online, and see no indication that this data was obtained from Twilio.”, a company representative told the news outlet.
If you want to minimize the chances of losing your Steam personal data, you can activate two-step authentication. 2FA will significantly increase the security of your account against unauthorized access.
Subscribe to our newsletter
By activating this, you have the following options:
- password and SMS one-time code
- password and email code
- password and authentication app code
Be sure to constantly check suspicious activity on your Steam account.
Later Edit Update: Following an investigation, Steam officially denied any system breach in a recent statement responding to concerns.
The company clarified that the one-time codes, which have been leaked, are only usable for 15 minutes, and the messages in question were old. This means Steam accounts are not affected by the incident, and any kind of personal data is safe.
“You do not need to change your passwords or phone numbers as a result of this event. It is a good reminder to treat any account security messages that you have not explicitly requested as suspicious.”, recommended Steam.
.webp)
.webp)
