Valve has refuted recent reports claiming its Steam platform experienced a "major" data breach, stating there was "NO compromise" of Steam's systems.
While some users expressed concern over claims that 89 million user records were exposed, Steam's investigation found only "outdated text messages" were leaked - specifically time-sensitive SMS verification codes containing no personal information.
In an official statement on Steam, Valve clarified: "Our analysis of the leaked data confirmed it contained only expired authentication codes and the associated phone numbers. These codes had 15-minute validity windows and weren't linked to Steam accounts, passwords, payment details, or other private information."
The company emphasized: "These outdated messages pose no security risk to Steam accounts. All email or password changes via SMS codes trigger immediate email and/or Steam secure message notifications for verification."
Valve seized the opportunity to remind players about Steam Mobile Authenticator, calling it "the most effective way to receive secure account notifications and maintain two-factor protection."
With cyberattacks increasing and Steam's massive user base, concerns about potential security issues were understandable. The gaming industry's most notorious breach occurred in 2011 when PlayStation Network went offline for nearly a month, compromising 77 million accounts.
Corporate data also remains vulnerable. In October 2023, Pokémon developer Game Freak experienced a breach exposing employee records and development plans. Earlier that year, Sony confirmed data leaks affecting nearly 7,000 current and former staff members. December 2023 saw Insomniac Games, developers of Marvel's Spider-Man, suffer a significant breach of confidential materials.
