Recently, a report circulating on LinkedIn has raised concerns among many users, suggesting that over 89 million Steam accounts have been compromised and are being sold on a dark web forum.
The post appeared a few days ago on LinkedIn and has been shared widely across X and other platforms. Additionally, a user on the dark web claimed to have a database containing over 89 million Steam accounts, currently being offered for sale at a price of $5,000. This individual also provided “data samples” to prove the authenticity of the claim, along with a Telegram account for further communication.
Moreover, the information from these Steam accounts includes user profiles, contact details such as phone numbers, SMS authentication codes, and one-time access passwords.
However, Valve has stated that the actual information pertains only to the text messages containing two-factor authentication (2FA) codes, which are typically sent via SMS to log into Steam accounts. These codes are valid for only 15 minutes and do not relate to account passwords, payment information, or any other personal data. The only information logged in these messages is the phone number associated with the account.
The publisher has also strongly emphasized that this information cannot be used to infiltrate another user’s account. Whenever a code is used to change an email or password on Steam via SMS, the user will always receive a confirmation notification via email and/or a Steam security message. Importantly, Valve reassured users that there is no need to change passwords or phone numbers following this incident. Even if claims of being “framed” arise, Valve continues to prioritize the importance of keeping Steam accounts secure. With hundreds of thousands of games and personal content associated with each account, users should perform certain actions, such as activating the Steam Mobile Authenticator – a two-factor authentication method that helps prevent unauthorized access and regularly audits permission lists on Steam.
It is worth noting that Steam has sometimes been referred to as “not safe,” suggesting that game developers should have measures in place to prepare for safeguarding themselves more proactively.
