Valve has confirmed that no breach occurred following online reports claiming that over 89 million Steam accounts were compromised. The company has investigated the situation and stated that Steam’s systems remain secure.
The confusion began when a cybersecurity firm, Underdark.ai, flagged a dataset being sold on the dark web, allegedly tied to SMS-based two-factor authentication (2FA) used on Steam. The dataset was listed for $5,000, raising widespread concern.
Valve has since clarified that the data in question consists of outdated SMS 2FA logs. These messages expire after 15 minutes and are not connected to user passwords, login credentials, or personal account information.
Users do not need to take any action. Valve reiterated that passwords, phone numbers, and other sensitive data remain safe. However, it still encourages users to enable the Steam Guard Mobile Authenticator and regularly review authorized devices as a best practice.
Despite speculation linking the leak to third-party services like Twilio, Valve has found no evidence that Steam or its infrastructure were affected.
Steam accounts remain secure.
