Valve has firmly refuted recent reports suggesting its Steam platform experienced a "major" data hack, emphasizing that there was "NOT a breach" of Steam's systems.
Despite concerns from some users about the potential compromise of over 89 million user records, Steam's investigation revealed that the leak involved only "older text messages." These messages contained one-time code SMSs but did not include any personal data.
In a statement released on Steam, Valve detailed its findings after analyzing the leaked data. "The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information, or other personal data," the company explained.
Valve further reassured users that "old text messages cannot be used to breach the security of your Steam account." They highlighted that any use of a code to change a Steam email or password via SMS triggers a confirmation sent via email and/or Steam secure messages.
Valve also took this opportunity to encourage users to enhance their account security by setting up the Steam Mobile Authenticator. This tool provides two-factor authentication, which Valve describes as "the best way to send secure messages about your account and your account's safety."The concern over this potential breach is understandable, given the increasing frequency of data breaches and the fact that over 89 million users have Steam accounts. This situation recalls the notorious 2011 data breach involving PlayStation 3 and PlayStation Portable networks, which led to a nearly month-long outage and compromised 77 million accounts.
Moreover, data breaches extend beyond customer information. For example, in October of the previous year, Pokémon developer Game Freak was hit by a significant hack, leaking data about its staff and development projects. In 2023, Sony confirmed that data from nearly 7,000 of its current and former employees was compromised in two separate breaches. Additionally, in December 2023, hackers breached confidential data at Marvel's Spider-Man developer, Insomniac, highlighting the ongoing risks faced by companies in the gaming industry.
