A leak of outdated textual content messages despatched to Steam prospects with one-time codes for logins was “not a breach of Steam techniques,” Valve says in a put up revealed Wednesday.
Valve’s response follows information {that a} hacker is allegedly in possession of 89 million person information and put them up on the market for $5,000, as BleepingComputer experiences. BleepingComputer checked out 3,000 leaked recordsdata and located “historic SMS textual content messages with one-time passcodes for Steam, together with the recipient’s cellphone quantity.”
While one X person claimed that there’s proof tying the breach to Twilio, a Twilio spokesperson instructed BleepingComputer that “there isn’t a proof to recommend that Twilio was breached” and that “now we have reviewed a sampling of the information discovered on-line, and see no indication that this information was obtained from Twilio.” Valve additionally instructed the X person that it doesn’t use Twilio.
“The leak consisted of older textual content messages that included one-time codes that had been solely legitimate for 15-minute time frames and the cellphone numbers they had been despatched to,” Valve says in its put up. “The leaked information didn’t affiliate the cellphone numbers with a Steam account, password data, cost data or different private information. Old textual content messages can’t be used to breach the safety of your Steam account, and each time a code is used to alter your Steam e-mail or password utilizing SMS, you’ll obtain a affirmation by way of e-mail and/or Steam safe messages.”
Valve provides that you just don’t want to alter your password or cellphone quantity following this leak, although it does advocate establishing the Steam Mobile Authenticator.
The firm says it’s “nonetheless digging into the supply of the leak.”
