In a significant cybersecurity incident, approximately 89 million Steam accounts have been compromised, with user data reportedly being sold on the dark web for $5,000. The breach was first disclosed by Israeli cybersecurity firm Underdark.ai, which identified a hacker operating under the alias “Machine1337” as the individual responsible for listing the stolen data on underground forums .
Investigations suggest that the breach did not stem from a direct attack on Valve, the company behind Steam. Instead, the vulnerability appears to have originated from Twilio, a third-party provider that offers SMS-based two-factor authentication services. The compromised data includes sensitive information such as phone numbers, message contents, delivery statuses, timestamps, and associated metadata .
The exposed information poses significant risks, including identity theft, phishing attacks, and unauthorized access to personal and financial data. Given that Steam accounts often contain valuable digital assets, including purchased games and in-game items, the breach could lead to substantial financial losses for affected users.
In light of the breach, cybersecurity experts strongly advise all Steam users to take the following precautions:
- Change Passwords Immediately: Update your Steam account password, ensuring it is strong and unique. Avoid using the same password across multiple platforms.
- Enable Two-Factor Authentication (2FA): Activate Steam Guard or another form of 2FA to add an extra layer of security to your account.
- Monitor Account Activity: Regularly check your account for any unauthorized transactions or changes.
- Be Vigilant Against Phishing Attempts: Be cautious of unsolicited communications requesting personal information or directing you to unfamiliar websites.
As of now, Valve has not issued an official statement regarding the breach. The company has previously emphasized the importance of account security, noting that approximately 77,000 Steam accounts are hijacked each month, often due to users not enabling available security features .
This incident underscores the critical importance of robust cybersecurity practices, both for companies and individual users. Steam users are urged to take immediate action to secure their accounts and remain vigilant against potential threats.
