Valve、Steamのユーザー情報が安全であることを確認

Valve has firmly denied reports of a major data breach on the Steam platform, dismissing claims that over 89 million user records were exposed as unfounded. In a public statement, the company confirmed that no customer data was compromised, clarifying that only outdated, one-time SMS codes were leaked — not passwords, payment information, or account credentials.

What Actually Happened?

• The leaked data consisted of older text messages containing time-limited SMS authentication codes (valid for just 15 minutes).
• These codes were sent to users’ phones during account security actions, such as changing email addresses or passwords.
• Importantly, the codes were not linked to specific Steam accounts, and no personal information like usernames, passwords, or payment details were included.
• Valve emphasized that using old SMS codes cannot be used to hack accounts, as they expire quickly and require active, real-time use.

“The leaked data included older text messages containing one-time codes valid only for 15-minute windows and the phone numbers to which they were sent. The information did not link phone numbers to Steam accounts, passwords, payment details, or any other personal data.”

Why Users Were Concerned

With over 89 million active Steam accounts, the scale of the alleged leak naturally sparked alarm. However, Valve’s investigation found that:

• The data wasn’t stolen from Steam’s servers.
• It likely came from third-party sources or old backups, not a live system compromise.
• No evidence suggests attackers gained access to account control, financial data, or login credentials.

Valve’s Security Reminder

While there was no breach, Valve used the situation to urge users to strengthen account security, particularly by:

• Enabling the Steam Mobile Authenticator (recommended as the most secure two-factor authentication method).
• Avoiding SMS-based codes, which are increasingly vulnerable to SIM-swapping attacks.

“The Steam Mobile Authenticator is the most effective method for receiving secure messages about your account and its safety.”

Broader Context: Cybersecurity in Gaming

Steam isn’t alone in facing cyber threats. The gaming industry has seen a sharp rise in high-profile breaches:

• 2011 PlayStation Network breach: 77 million accounts compromised; service down for nearly a month.
• 2023 Game Freak hack: Internal data, staff records, and development pipelines leaked.
• Sony 2023 breaches: Nearly 7,000 employees’ personal data exposed in two separate incidents.
• December 2023: Insomniac Games (Spider-Man developer): Confidential data, including internal communications, stolen by hackers.

These events underscore a growing threat landscape where gaming companies are prime targets not just for user data, but also for intellectual property and development secrets.

Final Takeaway

✅ No breach occurred — Steam’s systems were not compromised.
✅ No personal data was exposed — only expired, non-linkable SMS codes.
✅ No immediate risk to accounts — as long as users use strong 2FA.
📌 Action item: Users should enable Steam Mobile Authenticator immediately for maximum protection.

Stay safe, stay vigilant, and always use multi-factor authentication — especially on platforms with millions of users.