Valve has refuted recent claims suggesting a significant data breach had affected the Steam platform, asserting categorically that there was "NOT a breach" of Steam's systems. Despite concerns circulating about the potential compromise of over 89 million user records, Valve's internal investigation found that the situation involved a leak of "older text messages." Importantly, these one-time code SMS messages did not contain any personal identifiable data.
In an official statement published on Steam, Valve clarified that after reviewing a sample of the leaked data, they concluded that customer data remained uncompromised. According to Valve, the leaked information consisted solely of older text messages containing one-time codes valid for only 15-minute periods, along with the phone numbers they were sent to. However, the leaked data did not link these phone numbers to Steam accounts, passwords, payment details, or any other sensitive personal information.
"Old text messages cannot be used to compromise the security of your Steam account," Valve emphasized. Additionally, the company noted that when a code is used to change a Steam email or password via SMS, users receive a confirmation through their email and/or Steam secure messages.
In light of this incident, Valve took the opportunity to urge users to enable the Steam Mobile Authenticator, which provides two-factor authentication. The company described this feature as the optimal method for securing account communications and maintaining account safety.
The concern among users was heightened given the growing prevalence of data breaches and the widespread adoption of Steam, with over 89 million accounts active worldwide. The most notorious video game-related data breach occurred in 2011 when the PlayStation Network experienced a prolonged outage, resulting in 77 million accounts being compromised.
Beyond customer data, organizations within the gaming industry have also fallen victim to cyberattacks. In October of last year, Pokémon developer Game Freak faced a major hack, leading to the exposure of data related to its former and current employees, as well as details about its development processes. Earlier in 2023, Sony confirmed that nearly 7,000 of its current and former employees were impacted by two separate breaches. Additionally, in December 2023, hackers successfully accessed confidential data from Marvel's Spider-Man developer, Insomniac Games.
