Valve Confirms: No Steam User Data Breach in Hack

Valve has firmly denied recent reports suggesting that its Steam platform experienced a "major" data hack, asserting that there was "NOT a breach" of Steam systems.

Despite concerns from some users that over 89 million user records might have been compromised, Steam's investigation concluded that the issue was limited to a leak of "older text messages." These messages contained one-time code SMSs but did not include any personal data.

In a statement posted on Steam, Valve clarified that after reviewing the leak sample, they determined that no customer data was compromised. They explained, "The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information, or other personal data."

Valve further reassured users that "Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages."

Taking the opportunity to enhance user security, Valve encouraged players to enable the Steam Mobile Authenticator for 2-factor security, noting it as "the best way to send secure messages about your account and your account's safety."

Given the increasing frequency of data breaches and with over 89 million Steam accounts, users had valid concerns about potential security issues. A notable example of a video game-related data breach occurred in 2011 when the PlayStation 3 and PlayStation Portable networks were severely compromised, resulting in a nearly month-long outage and the exposure of 77 million accounts.

Moreover, it's not only customer data at risk. Last October, Pokémon developer Game Freak experienced a significant hack where data about its former and current staff, along with its development pipeline, was leaked. In 2023, Sony confirmed that data of nearly 7,000 of its current and former employees was compromised in two breaches. Additionally, in December 2023, hackers breached confidential data at Marvel's Spider-Man developer, Insomniac.