Valve has confirmed that the recent alarm regarding a supposed data breach affecting more than 89 million Steam users is unfounded. The company clarified that what was being offered on the dark web were old text messages related to two-factor authentication (2FA) codes, and not a real breach of their systems.
Valve has managed to save the furniture
The initial uproar was triggered by a report published by a LinkedIn user, Underdark.ai, who claimed that a member on dark web forums was selling a dataset that included information from millions of Steam accounts for about $5,000. According to Valve, after examining the sample of data presented, it was determined that it only contained records of temporary SMS messages that do not compromise passwords or payment information.
These 2FA codes are ephemeral, active only for 15 minutes, and are not directly related to sensitive user data. Valve emphasized that, although these messages may include phone numbers, they do not allow unauthorized access to Steam accounts. Additionally, the company assured that users would receive confirmations via email or secure Steam messages if an attempt is made to change the email or password using one of these codes.
In this context, Valve advises users to regularly check the authorized devices page on the platform and enable the Steam Mobile Authenticator as a security measure. In addition, it is suggested to use a password manager to enhance account security. With this confirmation, users can feel more at ease, but it is vital to always remain vigilant against potential threats in the digital environment.
