Valve has reported on Steam’s security breach earlier this week, with the alleged leak involving more than 89 million user records. Fortunately, this is obviously not as bad as it initially seems.
Valve acknowledged the issue in a post on Wednesday on Steam News Hub, but stressed that no user’s account of its popular video game distribution platform has actually been compromised.
“We have checked the leaked sample and confirmed This is not a violation of the steam system, but“ Read the post (emphasized the original).
According to reports, 89 million steam accounts leaked. Change your password now.
Despite the leak, it obviously only includes phone numbers and old one-time text messages sent to them for two-factor authentication. These text messages expire 15 minutes after they are sent, so the archive of past authentication codes doesn’t seem to be useful for any bad actors who may access it.
“The leaked data does not associate a phone number with a Steam account, password information, payment information or other personal data,” The valve continues (emphasis on the original).
“Old text messages cannot be used to violate the security of your Steam account and you will get confirmation via email and/or Steam Secure Messages whenever you change the code for your Steam email or password using SMS.”
Mixable light speed
The news has brought significant relief to PC gamers, many of whom were shocked by Steam’s security breach over the weekend. In a LinkedIn post on Sunday, cybersecurity company Underdark reported that it has provided records of over 89 million Steam users on the Dark Web forum.
Underdark claims they have analyzed data samples provided by the seller, which he claims contains two-factor authentication text message records routed through Twilio. Cloud Communications Company offers products such as two-factor authentication software and lists Shopify and Stripe among its customers.
However, Twilio denied any involvement in steam rupture after investigating the incident. “There is no evidence that Twilio was violated,” a Twilio spokesperson said in a statement to the lost computer. “We have reviewed sampling of data found online and there is no indication that the data was obtained from Twilio.”
And, the valve obviously doesn’t even use Twilio. A Valve spokesperson reportedly told Independent Gaming reporter @Mellowonline1 on Tuesday that the company does not take advantage of Twilio’s services at all.
Still, whatever happens or may end up being harmless, it is obvious that it is violated. Valve is continuing to investigate the source of the leak, “no SMS messages are encrypted in transit and are routed through multiple providers on the way to the phone.”
Given the nature of this violation, Valve recommends that there is no need to change the Steam password. Even so, changing passwords from time to time is still a good general safety and hygiene.
If you are worried about ensuring your Steam account, you can check your authorized device and delete everything you don’t know. You can also set up Steam Mobile Authenticator on the Steam mobile app.
theme
Network security video games
