Valve Confirms: Steam User Data Secure

Valve has refuted recent reports claiming its Steam platform experienced a "major" data breach, stating there was "NOT a breach" of Steam systems.

Although some users were alarmed by claims that over 89 million user records may have been exposed, Steam's own investigation found that while "older text messages" were leaked, these one-time SMS codes contained no personal information.

In a statement published on Steam, Valve explained that after reviewing the leaked sample, it confirmed no customer data was compromised: "The leaked data included older text messages containing one-time codes valid only for 15-minute windows and the phone numbers to which they were sent. The information did not link phone numbers to Steam accounts, passwords, payment details, or any other personal data."

"Outdated text messages cannot be used to compromise your Steam account's security. Furthermore, whenever an SMS code is used to modify your Steam email or password, you will receive a confirmation via email and/or Steam secure messages," the company added.

Valve did, however, use this opportunity to remind users to enable the Steam Mobile Authenticator for two-factor security, describing it as "the most effective method for receiving secure messages about your account and its safety."

Considering the increasing frequency of data breaches and the fact that over 89 million people maintain Steam accounts, users had legitimate concerns about potential security issues. The most notorious video game-related data breach happened in 2011 when PlayStation 3 and PlayStation Portable networks experienced a severe outage lasting almost a month, compromising 77 million accounts.

Customer data isn't the only target at risk. As recently as last October, Pokémon developer Game Freak experienced a significant hack where information about current and former staff was leaked, along with its development pipeline. The previous year in 2023, Sony confirmed that data belonging to nearly 7,000 current and former employees had been exposed in two separate breaches, and in December 2023, hackers accessed confidential data at Marvel's Spider-Man developer, Insomniac.