Valve Confirms: Steam User Data Safe from Hack

Valve has firmly denied recent reports suggesting its Steam platform was the victim of a "major" data hack, stating categorically that there was "NOT a breach" of Steam systems.

Despite concerns from some users over reports claiming that over 89 million user records were compromised, Valve's thorough investigation revealed that the incident involved only a leak of "older text messages." These messages contained one-time code SMSs, but crucially, they did not include any personal data.

In a statement released on the Steam platform, Valve detailed their findings: "The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information, or other personal data."

Valve further reassured users that "Old text messages cannot be used to breach the security of your Steam account," and emphasized that any use of a code to change a Steam email or password via SMS would trigger a confirmation email and/or secure message on Steam.

Taking the opportunity to bolster user security, Valve encouraged players to enable the Steam Mobile Authenticator. This tool enhances account security by providing two-factor authentication, which Valve described as "the best way to send secure messages about your account and your account's safety."

Given the increasing frequency of data breaches and the vast number of Steam users—over 89 million—the community had valid reasons to be concerned about a potential security breach. The gaming industry has seen its share of significant data breaches, such as the infamous 2011 incident when PlayStation 3 and PlayStation Portable networks were hacked, resulting in a nearly month-long outage and the compromise of 77 million accounts.

Moreover, the risks extend beyond customer data. Just last October, Pokémon developer Game Freak was hit by a significant hack that exposed data about its staff and development pipeline. In 2023, Sony disclosed breaches affecting nearly 7,000 current and former employees' data, and in December of the same year, hackers accessed confidential data at Marvel's Spider-Man developer, Insomniac.