- A hacker claimed to have 89 million records of Steam users for sale
- Steam has denied that any of its systems were hacked
- The data probably isn’t as damaging as was originally feared
Recently, it was claimed that gaming platform Steam suffered a major security breach, with up to 89 million user accounts supposedly having their credentials sold on the dark web. But new information has come to light that shows this wasn’t a hack at all – but there are still things you can do to keep your account safe.
As we reported initially, a known cybercriminal had claimed to be in possession of a database consisting of 89 million Steam user records, including phone numbers and one-time access codes. The hacker was attempting to sell the database for $5,000, which is a strangely low sum for such a large amount of data.
It had been suggested that Twilio might have been the source of the hack, and the company does provide one-time passcode services – yet Twilio denied that it had been breached. And now, Steam itself has confirmed that it wasn’t hacked either.
In a news posting on its website, Steam stated that “We have examined the leak sample and have determined this was NOT a breach of Steam systems.” What’s more, Steam added that “The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data.”
How to improve your account security
It’s still unknown exactly where the leaked data came from, but it seems like it’s much less of a serious situation than initially feared.
The one-time passcodes are only valid for 15 minutes, and once that time period has expired, they can’t be used. And without knowing which Steam accounts the phone numbers are linked to, intruders can’t do much with them. That means the data in the leak isn’t of much use now, especially since the breach did not contain any vital account data or personally identifiable information.
Still, that doesn’t mean you shouldn’t think about toughening up the security of your Steam account. If you’re using a weak password – or one that you’ve used for other accounts – it’s time to change that to something more secure. Enlist the help of one of the best password managers and you don’t even need to think up or remember a password yourself, as the password manager handles that for you.
As well as that, you can enable two-factor authentication on your Steam account by logging in, selecting your username in the top-right corner of the Steam website, then selecting Account Details. From there, pick Security & Devices in the left-hand sidebar and choose an authentication method. You can either have a code sent to your email address or use the Steam Guard Mobile Authenticator, which can be accessed from the Steam mobile app.
Although this incident is not as damaging as was feared, it’s still a good reminder to improve the security of all your online accounts. A breach can prove to be devastating, even if this one wasn’t a disaster in the end.
You might also like
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.