Every article tag can be clicked to get a list of all articles in that category. Every article tag also has an RSS feed! You can customize an RSS feed too!
We use affiliate links to earn us some pennies. Learn more.

Here's a statement from Valve on the reported Steam data breach

By -
Last updated: 14 May 2025 at 10:09 pm UTC

There's been reports of a Steam data breach recently, and instead of jumping the gun I reached out to Valve first to see what was going on.

From what I can tell the reports originated on LinkedIn from "Underdark.ai" that claimed there was a "Massive Alleged Steam Data Breach: 89M+ Records for Sale". This was then picked up on X/Twitter, and then lots of news websites posted it up. The initial report mentioned the company Twilio, who told me earlier today:

There is no evidence to suggest that Twilio was breached. We have reviewed a sampling of the data found online, and see no indication that this data was obtained from Twilio.

A Twilio Spokesperson

Next up, the full statement sent to me by Valve:

Yesterday we were made aware of reports of leaks of older text messages that had previously been sent to Steam customers. We have examined the leak sample and have determined this was NOT a breach of Steam systems.

We’re still digging into the source of the leak, which is compounded by the fact that any SMS messages are unencrypted in transit, and routed through multiple providers on the way to your phone.

The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data. Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages.

From a Steam perspective, customers do not need to change their passwords or phone numbers as a result of this event. It is a good reminder to treat any account security messages that you have not explicitly requested as suspicious. We recommend regularly checking your Steam account security at any time at https://store.steampowered.com/account/authorizeddevices.

We also recommend Steam users set up the Steam Mobile Authenticator if they haven’t already, as it gives us the best way to send secure messages about their account and that account’s safety.

Valve Press

Will update when I learn any more verified information.

Quick little update 11:09 BST — Valve have now posted it officially on Steam.

Article taken from GamingOnLinux.com.
Tags: Security, Misc, Steam, Valve
11 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. You can also follow my personal adventures on Bluesky.
See more from me
Some you may have missed, popular articles from the last month:
All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.
4 comments Subscribe

Purple Library Guy 2 hours ago
So . . . all that could really happen here is that some phisher could send your phone an old text message and maybe if you responded you could have a problem. Well, joke's on them--I don't have a phone so they can't send me any text messages!
Liam Dawe 1 hour ago
  • Admin
"Do you guys not have phones?"
Mountain Man 57 minutes ago
This is a indictment of modern news organizations, where someone can anonymously post false information to a website, and it gets picked up as a legitimate story without anybody bothering to vet it. Liam being the exception, of course.
devland 54 minutes ago
All of the maistream gaming media sites jumped on the "you need to change your password yesterday" train and pushed a random shitter msg as objective truth while amplifying the fear around it for clicks and engagement. Shame on them for not checking the source and shame on everyone that fell for it.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register

Register Forgot Login?
★ Support Us
Popular this week
Search or view by category
Contact
Latest Guides
SteamOSHow to set, change and reset your SteamOS / Steam Deck desktop sudo password
By Liam Dawe,
Decky LoaderHow to set up Decky Loader on Steam Deck / SteamOS for easy plugins
By Liam Dawe,
> View more Tips & Guides
Latest Comments
Buy Games
Buy games with our affiliate / partner links:
Misc