Valve Confirms: No Steam User Data Breach

Valve has firmly refuted recent reports suggesting that its Steam platform experienced a "major" data hack, assuring users that there was "NOT a breach" of Steam systems. Despite concerns that over 89 million user records might have been compromised, Valve's investigation revealed that the incident involved only a leak of "older text messages." These messages contained one-time codes sent via SMS, but crucially, they did not include any personal data.

In an official statement posted on Steam, Valve detailed their findings after analyzing the leak sample. They confirmed that customer data remained secure, explaining, "The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data."

Valve further reassured users that "Old text messages cannot be used to breach the security of your Steam account," and highlighted the additional security measures in place. They noted that any use of a code to change a Steam email or password via SMS triggers a confirmation sent via email and/or secure Steam messages.

Taking this opportunity to enhance user security, Valve encouraged players to set up the Steam Mobile Authenticator. This tool provides 2-factor security and is described by Valve as "the best way to send secure messages about your account and your account's safety."

Given the increasing frequency of data breaches and the fact that over 89 million individuals have Steam accounts, users had valid concerns about potential security compromises. The most notorious video game-related data breach occurred in 2011 when PlayStation 3 and PlayStation Portable networks were severely disrupted for nearly a month, compromising 77 million accounts.

Moreover, it's not just customer data at risk. In October of the previous year, Pokémon developer Game Freak experienced a significant hack, leaking data about its former and current staff along with details of its development pipeline. In 2023, Sony confirmed that data of nearly 7,000 current and former employees was compromised in two separate breaches. Additionally, in December 2023, hackers accessed confidential data at Marvel's Spider-Man developer, Insomniac.