Valve Confirms: No Steam User Data Breach in Hack

Valve has firmly denied recent reports suggesting that its Steam platform experienced a "major" data hack, emphasizing that there was "NOT a breach" of Steam systems. This statement comes after concerns were raised among users regarding the alleged compromise of over 89 million user records. However, Valve's thorough investigation revealed that the leak involved only "older text messages" containing one-time code SMSs, which did not include any personal data.

In a detailed statement on Steam, Valve clarified that their analysis of the leak sample confirmed that no customer data was compromised. They stated, "The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information, or other personal data."

Valve further reassured users that "old text messages cannot be used to breach the security of your Steam account," and highlighted that any use of a code to change a Steam email or password via SMS would trigger a confirmation email and/or a secure message through Steam.

Taking this opportunity, Valve encouraged players to enhance their account security by setting up the Steam Mobile Authenticator, describing it as "the best way to send secure messages about your account and your account's safety."

Given the increasing frequency of data breaches and the significant number of Steam users—over 89 million—the community had legitimate concerns about potential security threats. This situation echoes past incidents in the gaming industry, such as the infamous 2011 PlayStation Network hack, which compromised 77 million accounts and caused a nearly month-long outage. More recently, in October of the previous year, Pokémon developer Game Freak faced a significant breach, leaking data about its staff and development pipeline. In 2023, Sony confirmed that data from nearly 7,000 current and former employees was compromised in two separate breaches, and in December of the same year, hackers accessed confidential data at Marvel's Spider-Man developer, Insomniac. These incidents underscore the ongoing risks to both customer and corporate data within the gaming sector.