Valve Confirms: No Steam User Data Breach Occurred

Valve has firmly refuted recent reports suggesting its Steam platform experienced a "major" data hack, emphasizing that there was "NOT a breach" of Steam systems.

Despite concerns from some users about claims that over 89 million user records were compromised, Steam's thorough investigation concluded that the issue involved a leak of "older text messages." These messages contained one-time code SMSs but crucially, did not include any personal data.

In a statement posted on Steam, Valve detailed their findings after analyzing the leak sample. They assured users that customer data remained secure, stating: "The leak consisted of older text messages that included one-time codes, valid only for 15-minute windows, along with the phone numbers they were sent to. Importantly, the leaked data did not link the phone numbers to any Steam account, nor did it include password information, payment details, or other personal data."

Valve further reassured users by explaining that "old text messages cannot be used to breach the security of your Steam account." They highlighted that whenever a code is utilized to change a Steam email or password via SMS, users receive a confirmation through email and/or secure Steam messages.

Given the increasing frequency of data breaches and the vast number of Steam users—over 89 million—concerns about potential security compromises are understandable. A notable example of a video game-related data breach was in 2011 when networks for PlayStation 3 and PlayStation Portable were severely disrupted for nearly a month, impacting 77 million accounts.

The risks extend beyond customer data. Just last October, Pokémon developer Game Freak suffered a significant hack, resulting in leaks of data about its past and present staff, as well as details of its development pipeline. In 2023, Sony confirmed that data from nearly 7,000 of its current and former employees was compromised in two separate breaches. Additionally, in December 2023, hackers breached confidential data at Marvel's Spider-Man developer, Insomniac, highlighting the ongoing threat to data security in the gaming industry.