You may have seen reports of leaks of older text messages that had previously been sent to Steam customers. We have examined the leak sample and have determined this was NOT a breach of Steam systems.
We’re still digging into the source of the leak, which is compounded by the fact that any SMS messages are unencrypted in transit, and routed through multiple providers on the way to your phone.
The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data. Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages.
You do not need to change your passwords or phone numbers as a result of this event. It is a good reminder to treat any account security messages that you have not explicitly requested as suspicious. We recommend regularly checking your Steam account security at any time at
https://store.steampowered.com/account/authorizeddevices
We also recommend setting up the Steam Mobile Authenticator if you haven’t already, as it gives us the best way to send secure messages about your account and your account’s safety.
So I changed my Password & Email 4 nothing ?
It is always a good idea to change your password from time to time.
It’s not that important I think, using a strong password different from all other websites is much more important.
Changed my pw anyway /shrug
Guys! This guy just shared his password!!! It’s “/shrug”
But it shows up as “******” for us
What do you mean it shows up as hunter2…? Don’t you mean ********
I put on my robe and wizard hat
Indeed, it is a good habit to have, changing it from time to time. Nowadays with password managers it is even easier.
Doesn’t hoit!
Since when do you have to link your phone number to your Steam account? I’ve had an account for as long as Steam has existed, and I’ve never been asked to provide my phone number.
It’s to help reduce smurfing in f2p games like the ones mentioned below. (Dota and cs)
Dota 2, csgo ranked both require a phone number linked to the account and since it’s a valve game it’s linked to the steam acct.
I needed to do it to enable 2FA through the Steam app. Kinda wish I didn’t have to, since I know how unsafe SMS is.
SMS 2 factor Authentication
Yeah no I just use the Steam app for authentication.
Me too. But nearly 100 million others don’t, it seems.
In Gaben We Trust
Never a bad thing to have a people change up their passwords and address security
A long, strong, unique password is better than frequent password changes.
Why not both? My main argument was that while some seem to be saying that the outcry wasn’t justified, it probably made many people have a closer look at their security.
It’s good to have a constant in the current world, steam seems okay, I love what they’re doing for Linux gamers, I think they should reduce their share by at least 5%,but they do a good service and seem competent.
Me Hoping GOG also jumps in on the linux bandwagon
I had assumed it was BS as soon as I saw the price of just $5k.
I know, right? It’s too little for that amount of information. I mean, almost 100 million compromised accounts is not few.
From what I understand personal info is peanuts. You buy it in bulk, cheap.
It was put out that everyone should change their passwords. That kind of info for like 90 million steam accounts would fetch a much higher price or ransom than some personal info on a bunch of people like names, phone numbers and an address.
Considering that some people’s accounts hold literally 100s of thousands of dollars worth of skins and cosmetics…
You can hit some serious jackpots if you get access to the right account the right way.
Yeah but it’s being reported by Polygon so…
/joke
OK, fair. Here some other sources I found:
Calm down folks I was making a joke at their expense.
Ah, OK 😅. Well, to be fair, we are in the internet, is hard to tell a joke or sarcasm from honest opinions. That’s why i always use “/s.” to not be misinterpreted.
Is it, though?
No.
Yeah fuck Valnet.
