A leak of previous textual content messages despatched to Steam clients with one-time codes for logins was “not a breach of Steam techniques,” Valve says in a put up revealed Wednesday.
Valve’s response follows information {that a} hacker is allegedly in possession of 89 million person data and put them up on the market for $5,000, as BleepingComputer reviews. BleepingComputer checked out 3,000 leaked recordsdata and located “historic SMS textual content messages with one-time passcodes for Steam, together with the recipient’s cellphone quantity.”
Whereas one X person claimed that there’s proof tying the breach to Twilio, a Twilio spokesperson informed BleepingComputer that “there is no such thing as a proof to counsel that Twilio was breached” and that “we’ve got reviewed a sampling of the info discovered on-line, and see no indication that this information was obtained from Twilio.” Valve additionally informed the X person that it doesn’t use Twilio.
“The leak consisted of older textual content messages that included one-time codes that have been solely legitimate for 15-minute time frames and the cellphone numbers they have been despatched to,” Valve says in its put up. “The leaked information didn’t affiliate the cellphone numbers with a Steam account, password data, cost data or different private information. Previous textual content messages can’t be used to breach the safety of your Steam account, and each time a code is used to alter your Steam electronic mail or password utilizing SMS, you’ll obtain a affirmation by way of electronic mail and/or Steam safe messages.”
Valve provides that you just don’t want to alter your password or cellphone quantity following this leak, although it does advocate organising the Steam Cellular Authenticator.
The corporate says it’s “nonetheless digging into the supply of the leak.”
{content material}
Supply: {feed_title}
