Valve has confirmed that no breach of Steam systems has occurred following claims that a database of over 89 million Steam accounts was being sold on the dark web. The clarification comes after a post on LinkedIn, Underdark.ai, suggested that leaked data tied to Steam accounts was being offered for sale for $5,000, causing alarm among Steam users.
Steam’s Statement
In a public statement, Valve addressed the claims directly, stating “We have examined the leak sample and have determined this was NOT a breach of Steam systems.” The company explained that the data in question appears to be logs of old SMS messages sent to users for two-factor authentication (2FA) purposes. These messages contain temporary verification codes that expire within 15 minutes and are not linked to account credentials, payment details, or other personal data.
Misleading Claims
The original claim, posted by Underdark.ai and later circulated by X (formerly Twitter) user @Mellow_Online1, alleged that a forum user on the dark web was selling a database containing Steam user information. A sample dataset and a contact number on Telegram were reportedly shared as part of the listing.
Valve has now dismissed the credibility of that listing, noting that the leaked data cannot be used to compromise accounts. The only exposed information appears to be phone numbers that were part of previously delivered 2FA texts.
No Action Required from Users, Says Valve
Valve reassured users that there is no need to change Steam passwords or associated phone numbers as a result of the incident. The company reiterated that any changes to account credentials via SMS are always followed by confirmation through email or Steam Secure Messaging.
Security Advice for Steam Users
Although this event turned out to be a false alarm, Valve reminded users to review their authorized devices regularly and to enable the Steam Mobile Authenticator for added security. These steps help safeguard game libraries and personal data from potential compromise.
