A reported data leak involving 89 million Steam accounts, exposing phone numbers and expired SMS authentication codes, has alarmed gamers, as revealed by cybersecurity firm Underdark on May 14, 2025, per TechCrunch.
According to Valve’s statement, the data, offered for $5,000 on the dark web by vendor Machine1337, originated from a third-party SMS provider, not Steam’s systems. While no passwords or payment data were compromised, experts warn of phishing risks, prompting Valve to urge users to adopt stronger security measures.
Underdark reported that the leaked database included one-time SMS codes and account metadata, potentially enabling phishing or social engineering attacks, per The Verge. Valve clarified, “This was NOT a breach of Steam systems,” attributing the leak to an external provider’s vulnerability.
The obsolete codes pose a limited direct threat, but Cybersecurity Dive notes they could fuel targeted scams. Gamers expressed relief at Valve’s response, though some speculated on the data’s misuse, requiring cautious interpretation.
Hackers stole data from 89 million Steam users, reports XDA.
The attackers are asking for $5,000 for the database.
The portal advises users who haven't enabled two-factor authentication to change their passwords immediately. pic.twitter.com/iQDhIdppGL
— NEXTA (@nexta_tv) May 14, 2025With over 30 million users online daily, Steam’s swift denial of a system breach aimed to quell panic, per PC Gamer. Valve advised users to switch from SMS-based two-factor authentication (2FA) to the Steam Mobile Authenticator, change passwords, review login history, and avoid phishing attempts mimicking Steam Support. As cited by Forbes, cybersecurity experts echoed the call, warning that even outdated data could support sophisticated scams.
The leak, likely from scraped or compromised third-party systems, highlights vulnerabilities in external providers, a recurring issue in tech, per Wired. While no direct account breaches occurred, the incident underscores phishing risks, with 2024 seeing a 40% rise in gaming-related cyberattacks, per Akamai data.
89 million Steam accounts reportedly affected by massive data breach, so it's probably time to change your password… https://t.co/NWOYNixcb6 pic.twitter.com/pa9NQtkQbe
— PCGamesN (@PCGamesN) May 14, 2025The Steam scare, though contained, exposes the gaming industry’s reliance on third-party services, prompting calls for enhanced security standards, as discussed in Bloomberg. Valve’s response may mitigate immediate risks, but the incident could erode user trust if phishing surges. As gaming platforms face growing cyber threats, proactive user education and robust protocols are critical to safeguarding millions of accounts.
