Valve Confirms: No Steam User Data Breach

Valve has firmly denied recent reports suggesting its Steam platform experienced a "major" data hack, stating emphatically that there was "NOT a breach" of Steam systems.

Despite concerns among users about the reported compromise of over 89 million user records, Valve's investigation revealed that the leak involved only "older text messages." These messages contained one-time code SMSs, which crucially did not include any personal data.

In a statement posted on Steam, Valve explained that after analyzing the leaked data, it concluded that no customer data was compromised. The statement detailed, "The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information, or other personal data."

Valve further reassured users by stating, "Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages."

Taking the opportunity to enhance user security, Valve encouraged players to utilize the Steam Mobile Authenticator for 2-factor security, describing it as "the best way to send secure messages about your account and your account's safety."

Given the increasing frequency of data breaches and the vast number of Steam users, the concern over a potential security compromise was understandable. Notably, one of the most notorious video game-related data breaches occurred in 2011, when the PlayStation 3 and PlayStation Portable networks were hacked, resulting in a nearly month-long outage and the compromise of 77 million accounts.

Moreover, it's not only customer data at risk. In October of the previous year, Pokémon developer Game Freak suffered a significant hack, leaking data about its staff and development pipeline. In 2023, Sony confirmed that data from nearly 7,000 current and former employees was compromised in two separate breaches. Additionally, in December 2023, hackers breached confidential data at Marvel's Spider-Man developer, Insomniac.