Valve has denied recent rumors of a "major" data breach affecting its Steam platform, confirming that there was "NO breach" of Steam's systems.
Although some users were alarmed by reports of over 89 million user records being exposed, Steam's internal investigation found that only "older text messages" were leaked. These one-time SMS codes did not contain any personal information.
In a statement published on Steam, Valve explained that after reviewing a sample of the leaked data, it concluded that customer information remains secure: "The leaked material consisted of outdated text messages containing time-sensitive one-time codes valid for only 15 minutes, along with the phone numbers to which they were sent. The data did not link these phone numbers to Steam accounts, passwords, payment details, or any other private information."
"Outdated text messages cannot be used to compromise your Steam account's security. Furthermore, whenever a code is utilized to modify your Steam email or password via SMS, you will receive a confirmation through email and/or Steam secure messages," the company further noted.
Valve did, however, use this occasion to encourage users to enable the Steam Mobile Authenticator for two-factor authentication, describing it as "the most effective method for receiving secure communications regarding your account and its safety."
Considering the significant increase in data breaches and the fact that over 89 million people maintain Steam accounts, users had valid concerns about a potential security incident. The most notorious data breach in video game history took place in 2011 when the PlayStation 3 and PlayStation Portable networks experienced a prolonged outage lasting almost a month, resulting in 77 million compromised accounts.
Customer data isn't the only information at risk. As recently as last October, Pokémon developer Game Freak experienced a substantial hack that exposed details about current and former employees, along with its development schedule. The previous year in 2023, Sony confirmed that data belonging to nearly 7,000 current and former staff members was compromised in two separate breaches. In December 2023, hackers accessed confidential information at Insomniac Games, the developer of Marvel's Spider-Man.
