Some of your Steam account information may be out in the wild. You are advised to change your password and enable two-factor authentication.
Data leak alert! On the dark web, a hacker claims to have stealed the Steam information of 89 million users, which he is selling for the modest sum of 5,000 US dollars. The data does not come from a vulnerability in Steam itself, but from its partner Twilio, a third-party service used by the platform to send two-factor authentication (2FA) codes via message. Still, Twilio has access to some of your Steam data, and it may be worth worrying about.
Independent journalist MellowOnline1, who takes a close interest in all things Steam, points out that if this figure of 89 million affected players is confirmed, this represents approximately two-thirds of existing accounts. If you've ever received a two-factor authentication code from Steam, it's likely your data has been stolen.
Protect Your Steam Account
The hacker says they have access to the 2FA codes sent to players by Steam via Twilio, their delivery status (whether the message was successfully sent or not), the metadata of these messages (including timestamps and recipient phone numbers), the routing costs incurred by distributing the codes, and other information.
The risk is still difficult to measure, especially since the hacker hasn't necessarily shared all the leaked data. The 2FA codes have likely already expired and don't appear to be usable. But since the phone numbers to which 2FA codes are sent via SMS are part of the database, there is a risk of a large-scale phishing campaign in the future aimed at recovering passwords and other sensitive data.
Users are recommended to enable two-factor authentication on their account and change their current password (and other accounts that use the same password if you have this bad practice). While at it, choose a strong password or use a password manager.
Yesterday, an alleged major @Steam data breach occurred, compromising over 89 million user records (roughly two-thirds of all Steam accounts).
These datasets are being sold for over $5,000 on what appears to be a site akin to Mipped.
Mipped alongside their sister sites is a…
— Mellow_Online1 (@MellowOnline1) May 11, 2025
0 Comments