A leak of outdated textual content messages despatched to Steam prospects with one-time codes for logins was “not a breach of Steam programs,” Valve says in a post published Wednesday.
Valve’s response follows information {that a} hacker is allegedly in possession of 89 million consumer data and put them up on the market for $5,000, as BleepingComputer reports. BleepingComputer checked out 3,000 leaked recordsdata and located “historic SMS textual content messages with one-time passcodes for Steam, together with the recipient’s telephone quantity.”
Whereas one X consumer claimed that there is proof tying the breach to Twilio, a Twilio spokesperson advised BleepingComputer that “there isn’t any proof to counsel that Twilio was breached” and that “we’ve reviewed a sampling of the info discovered on-line, and see no indication that this information was obtained from Twilio.” Valve additionally advised the X consumer that it does not use Twilio.
“The leak consisted of older textual content messages that included one-time codes that have been solely legitimate for 15-minute time frames and the telephone numbers they have been despatched to,” Valve says in its submit. “The leaked information didn’t affiliate the telephone numbers with a Steam account, password info, fee info or different private information. Outdated textual content messages can’t be used to breach the safety of your Steam account, and each time a code is used to vary your Steam e mail or password utilizing SMS, you’ll obtain a affirmation through e mail and/or Steam safe messages.”
Valve provides that you simply don’t want to vary your password or telephone quantity following this leak, although it does suggest establishing the Steam Cell Authenticator.
The corporate says it’s “nonetheless digging into the supply of the leak.”