Steam Denied the Account Hack, User Accounts Have Not Been Compromised

Have 89 million Steam accounts been hacked? Early reports claimed that a data breach of the popular gaming platform had allowed for a significant number of user records to go on sale on the dark web for $5,000, but Steam has officially denied the account hacks. While it is true that some data associated with older messages and phone numbers have been leaked through unknown sources, the information is old and time-bound, and not associated with any personal information or account details. The reports of a large-scale Steam breach have been debunked.

The Steam hack appears to be a false alarm and user data continues to be protected by its systems, but this serves as a good reminder to update your password and information to ensure you can keep your account secure. As Valve refutes the data breach, the company is still exploring how the information made its way online. 

Valve-Steam Denied the Account Hack—Understanding the Claims and Responses

The issue began when a post on LinkedIn by Underdark.ai was circulated online with the claim that Steam account data for 89 million users was being sold on the dark web. The post was shared by Twitter/X user Mellow_Online1 who reiterated that a dark web user was selling datasets of these accounts for $5,000 to anyone interested in taking it off their hands. The small asking price for such invaluable data was our first sign that this was likely not a real data breach.

The dataset was claimed to include:

• Real-time SMS logs used for two-factor authentication (2FA), including one-time access codes
• Phone numbers associated with these SMS messages
• Metadata such as delivery status, routing costs, and timestamps
• Some reports speculated it might include usernames, passwords, emails, purchase history, or IP addresses, though these were not confirmed

Steam is reported to have a user base of around 130 million active monthly users, which would put its alleged hack of 89 million accounts at roughly two-thirds of the user accounts. The number and scale of the hack allegations were so staggering that it sent Steam account owners into a tizzy trying to figure out how to safeguard their information and secure their accounts.

No Active Steam Data Leak According to Valve, Leaked Information Already Outdated

On May 14, 2025, Steam parent company Valve issued a public statement through a Steam community post denying the hack. No Steam data has been leaked and 89 million accounts are not at risk of being hacked any second now. Despite the Steam hack being debunked, however, there are still questions about what information was actually being sold on the dark web and how it got there in the first place. 

Valve refuted all claims of a data breach of its internal systems but acknowledged that some data was being circulated regarding its platform.

Nature of the Leaked Steam Data

The leaked data consists of older SMS text messages that contain one-time two-factor authentication codes, but these codes are only valid for 15 minutes, which would make them pointless to acquire by now. These codes were not linked to any specific Steam accounts, passwords, payment information, or other personal data, rendering them useless even if acquired.

There is a limited risk as the Steam data leak does include the phone numbers that received these text messages, but Valve has emphasized that this data alone will not be enough to compromise a Steam account. Any attempts that are made to change the account’s email or password via SMS will trigger an additional email or confirmation message that will alert the users to any interference with their accounts. 

While there has been no Steam data leak from Valve, the company is still investigating the matter and where the leak could have originated.

Are Third-Party Vendors to Blame for the Steam Data Leak?

Early assumptions around the Steam data leak pointed fingers at intermediary message providers that could have allowed the information to slip out from their servers. The pointing was particularly emphasized at Twilio (mistakenly referred to as Trillio in some reports), but Valve has denied the hack via this channel as well, clarifying to Mellow_Online1 that it did not use the company as a service provider. 

Summarizing the Actual Threat of the Steam Data Leak

Valve and several sources have confirmed a data leak, but it does not threaten user accounts and did not occur via the compromised Steam system. The information being sold is not linked to any Steam account, and only old SMS 2FA codes are being circulated with phone numbers that do not give enough information to hack into the account.

• The 2FA codes are expired and unusable
• Phone numbers were exposed but not linked to any more account information
• There is no evidence of passwords, payment details, or other personal data
• If you do receive a message to authenticate login or any other account activity that you did not request, be suspicious of the texts and do not leap to use the code or linked information elsewhere 

What Should You Do Now to Protect Your Steam Account?

No immediate action is necessary as your account is no more vulnerable than it was a week ago. That said, it is always a good idea to enable multi-factor authentication on all your accounts across platforms wherever it is available. On Steam, ensure you enable Steam Guard for two-factor authentication. This helps to keep your account safe from future leaks where partial data will continue to be insufficient to access your accounts and you will be alerted to any attempts to change your account information.

The chaos around the Steam hack creates a good opportunity for phishing attacks. Hackers could use phone numbers to send fake messages and trick you into clicking on suspicious links or making your account more vulnerable, so be wary of all the messages you receive. If you haven’t requested for your password to be reset or your account to be accessed, do not use the information you receive via SMS to do so.

Regularly update your passwords to ensure that any future leaks that release old datasets do not catch your account lacking. Strong passwords use a combination of uppercase letters, lowercase letters, numbers, and symbols, so ensure yours is complex enough to make it hard to guess at and avoid reusing your passwords across platforms. You can also use password managers to help you protect your account if needed.

Despite the Chaos, There Is No Cause for Alarm as Steam Denied Account Hack

Now that Steam denied the account hack, many users are blaming early reports for over-sensationalizing the news and blowing the alleged hack out of proportion. While there has been some overdramatization of the scale of the problem, we can’t blame those who heard about the hack early for sharing the news with others and alerting them to the possible hack. After all, if 89 million users were compromised, this would have been a very serious issue. 

Not only do these Steam accounts hold the key to hundreds of dollars worth of game investments made by users, but also include payment information that could have been misused.

In light of the incident, it’s important to remember to stay calm in case of future reports of hacks and leaks. Jumping to conclusions and making accusations accomplishes very little and muddies the waters on the facts of the incident. Next time, it’s best to secure your account again with updated passwords and wait for official confirmation from the platform on what to do next. 

Security breaches and data hacks are not uncommon in 2025, so it is best to protect your data in as many ways as possible and keep up with the news to ensure you’re not a victim of these attacks. Stay vigilant, but it’s also safe to go back to your gaming now. Steam has a lot of new releases on offer.

Need more information on the false alarm around the Steam hack? Come back to see if we have any further updates from Valve. Subscribe to Technowize to stay on top of everything changing in the world of technology right now.