89 Million Steam Accounts Allegedly Hacked – Change Your Password Now

Steam security alert: 89 million accounts allegedly compromised in third-party breach. Experts recommend password changes despite Valve’s denial.

Annemarije de Boer Avatar
Annemarije de Boer Avatar

By

Our editorial process is built on human expertise, ensuring that every article is reliable and trustworthy. AI helps us shape our content to be as accurate and engaging as possible.
Learn more about our commitment to integrity in our Code of Ethics.

Image credit: Steam

Key Takeaways

Key Takeaways

  • Reports claim 89 million Steam account details are being sold on the dark web for $5,000, allegedly including phone numbers and one-time authentication codes.
  • The breach appears to be a supply chain compromise involving a third-party SMS provider rather than a direct hack of Steam’s systems.
  • Valve denies any breach of Steam itself, but security experts still recommend changing your password and enabling Steam Guard for maximum protection.

Your gaming accounts are just as tempting to hackers as your bank details. The latest digital drama involves Steam, where an alleged data breach has reportedly exposed a staggering 89 million user accounts. The data—supposedly containing phone numbers and one-time passwords—is currently being auctioned off to the highest bidder for a surprisingly modest $5,000. That’s less than the cost of a gaming PC to potentially access millions of accounts filled with game libraries worth thousands. It’s another reminder of how large-scale breaches, like the AI-driven Gmail scam that exposed billions, turn every corner of your digital life into a potential target.

Caught in the rain of security alerts? Here’s what happened: cybersecurity firm Underdark first reported the breach on LinkedIn, claiming a hacker identified as “Machine1337” was selling Steam user records on a dark web forum. The news spread faster than a battle royale circle collapse, with social media user Mellow_Online1 amplifying the warning across platforms.

If you’re panicking about your precious game library being hijacked, Valve wants you to take a breath. The company has officially denied any direct breach of Steam systems. “Yesterday we were made aware of reports of leaks of older text messages that had previously been sent to Steam customers. We have examined the leak sample and have determined this was NOT a breach of Steam systems.” Valve stated. The gaming giant claims the compromised data is limited to old SMS logs containing expired one-time passcodes.

This isn’t your standard data breach where hackers directly infiltrate a system. Security experts believe this is a supply chain attack targeting a third-party SMS provider that handles Steam’s two-factor authentication messages. Even Twilio, a major SMS service provider, has denied involvement, stating there’s “no evidence to suggest that Twilio was breached.”

The conflicting reports leave gamers in a frustrating limbo. Should you panic-change all your passwords or dismiss this as a nothing burger? The safest approach lands somewhere in the middle.

Even with Valve’s reassurances, changing your Steam password takes less time than a PUBG lobby wait. If you haven’t already enabled Steam Guard (Valve’s two-factor authentication system), now’s the perfect moment to add that extra security layer. These simple steps dramatically reduce your risk, regardless of how legitimate this particular threat turns out to be.

For maximum account protection, also enable login notifications to receive alerts whenever someone attempts to access your account from a new device. Regularly review your account’s authorized devices and remove any you don’t recognize or no longer use. Consider using a password manager to generate and store complex, unique passwords that are virtually impossible to crack through brute force methods.

The incident highlights an uncomfortable truth about modern digital security: sometimes the weakest link isn’t the platform itself but the constellation of third-party services surrounding it. Your account might be Fort Knox, but if the company sending your verification codes has security like a screen door on a submarine, you’re still vulnerable.

Gaming accounts have become increasingly attractive targets for hackers. With digital game libraries often worth hundreds or thousands of dollars and payment information frequently stored for convenience, your Steam account might be more valuable than you realize. Adding the potential for identity theft through connected personal information, and suddenly, gaming security deserves the same attention as your banking passwords.

While we wait for more definitive information about this breach, stay vigilant for phishing attempts. Hackers love to capitalize on security scares by sending fake password reset emails or urgent security notices. If you receive any suspicious communications supposedly from Steam, access your account directly through the official website or app rather than clicking any links.

In today’s interconnected digital ecosystem, your security is only as strong as your practices. Whether this breach proves legitimate or overblown, it serves as a timely reminder: a few minutes spent strengthening your digital defenses today can save you countless hours of recovery tomorrow. After all, in the game of cybersecurity, the best defense isn’t just good—it’s proactive.

Share this

At Gadget Review, our guides, reviews, and news are driven by thorough human expertise and use our Trust Rating system and the True Score. AI assists in refining our editorial process, ensuring that every article is engaging, clear and succinct. See how we write our content here →