Valve has refuted recent reports claiming its Steam platform experienced a "major" data breach, categorically stating there was "NOT a breach" of Steam's systems.
Amid concerns over claims that over 89 million user records were exposed, Steam's internal investigation confirmed that while older SMS messages containing one-time codes were leaked, these did not contain any sensitive personal information.
In an official statement, Valve explained: "Our analysis of the leaked data confirmed it only contained outdated SMS messages with temporary codes (valid for just 15 minutes) and corresponding phone numbers. Crucially, this data wasn't linked to Steam accounts, passwords, payment details, or any other private information."
The company further reassured users: "These expired codes pose no security threat to Steam accounts. Additionally, any account changes requiring SMS verification will always trigger email or secure Steam notifications."
Valve took this opportunity to strongly recommend enabling Steam Mobile Authenticator for enhanced two-factor authentication security, calling it "the most effective method for receiving account security notifications."
The initial concern was understandable given the alarming frequency of data breaches and Steam's massive userbase exceeding 89 million accounts. Many recall gaming's most notorious security incident - the 2011 PlayStation Network outage that lasted nearly four weeks and compromised 77 million accounts.
Recent years have shown cyber risks extend beyond customer data. In October, Pokémon developer Game Freak experienced a serious intrusion exposing staff details and internal projects. Earlier in 2023, Sony disclosed breaches affecting nearly 7,000 current and former employees, while December saw confidential Insomniac Games files stolen, including sensitive Marvel's Spider-Man development materials.
