Explore allegations of Steam user data being sold on the dark web, raising privacy concerns for millions. Stay informed on this developing story.
Reports have surfaced claiming that more than 89 million records of Steam users, including phone numbers and one-time access codes, were being sold on the dark web. However, Valve, the company behind Steam, has dismissed these claims, assuring users that the alleged hacking of millions of accounts is baseless.
Valve has stated that their analysis of the alleged leak indicates that user accounts remain secure and unaffected. The leaked data reportedly comprises old text messages with one-time codes, which were only valid for 15 minutes, along with the phone numbers they were sent to. Importantly, the leaked information does not include Steam account credentials, passwords, payment details, or any other personal data linked to the phone numbers.
Steam reassures users that the outdated text messages cannot compromise their account security. The company has also highlighted that whenever a code is used to alter a Steam email or password via SMS, a confirmation is sent to users through email or secure Steam messages.
According to Steam, users do not need to update their passwords or phone numbers. Regular checks of account security, accessible through Steam’s security settings, are recommended, as well as using the Steam mobile authenticator for enhanced protection.
Before Valve’s clarifying statement, it was alleged that the compromised accounts were being sold on Telegram for $5,000. The data supposedly included real-time two-factor authentication (2FA) SMS logs routed through Twilio. Twilio, however, denied any breach of their systems. Valve also clarified that they do not utilize Twilio for authentication processes. They have not provided details on the source of the leak or how the two-factor authentication records appeared on the dark web.
Yorum Yap