Valve confirme : les données des utilisateurs Steam restent sécurisées

Valve has officially denied claims of a major data breach on the Steam platform, despite widespread concern following reports that over 89 million user records may have been exposed. In a clear and direct statement, Valve confirmed: "There was NOT a breach of Steam systems."

The confusion arose after a batch of supposedly leaked data surfaced online, containing what appeared to be old text messages — specifically, one-time SMS verification codes used during account authentication. However, Valve's internal investigation revealed that these were not sensitive personal details, but rather temporary codes that were valid for only 15 minutes and had no connection to user accounts, passwords, payment information, or email addresses.

Key Points from Valve’s Statement:

• The leaked data: Old SMS messages with one-time codes and associated phone numbers.
• No personal linking: These codes were not tied to Steam accounts, so no user identity was compromised.
• Security impact: The codes are time-limited and cannot be used to gain unauthorized access to accounts.
• Account protection: Any change to email or password via SMS triggers additional confirmation via email and/or Steam’s secure messaging system, ensuring users are notified of such actions.

“Outdated text messages cannot be used to compromise your Steam account's security.”

Valve’s Security Reminder:

While confirming no breach occurred, Valve used the situation to urge users to strengthen their account security:

• Enable the Steam Mobile Authenticator — described as the "most effective method" for receiving secure, real-time alerts about account activity.
• The authenticator provides two-factor authentication (2FA) using a time-based code from the Steam mobile app, which is far more secure than SMS-based codes.

This recommendation comes amid growing concerns over cybersecurity in the gaming industry:

• 2011 PlayStation Network breach: Affected 77 million accounts, one of the worst in gaming history.
• 2023 Game Freak hack: Leaked employee data and internal development pipelines.
• Sony breaches (2023): Nearly 7,000 employees’ data exposed in two separate incidents.
• Insomniac Games (Dec 2023): Hackers accessed confidential data from the developer behind Spider-Man.

Takeaway:

While the leak of old SMS codes was alarming, Valve’s investigation confirms no actual compromise of user accounts or data. Still, it serves as a critical reminder for gamers to:

• Enable 2FA, ideally via the Steam Mobile Authenticator (not SMS).
• Avoid using SMS for 2FA, as it's vulnerable to SIM-swapping and interception.
• Stay vigilant for suspicious emails or login attempts.

In short: No breach. No stolen passwords. But yes — enable 2FA now. 🔒🎮