Valve has refuted recent claims about a "major" security breach on its Steam platform, firmly stating there was "NO compromise" of Steam systems.
Despite concerns over reports suggesting 89 million user records were exposed, Steam's investigation found only outdated SMS messages containing one-time codes were leaked—none of which included sensitive personal information.
In an official announcement on Steam, Valve clarified: "Our analysis of the leaked samples confirms no customer data was accessed. The exposed material consisted solely of expired SMS codes with their corresponding phone numbers. These codes had 15-minute validity windows and weren't linked to Steam accounts, passwords, payment details, or other personal information."
"These outdated codes pose no security risk to Steam accounts. Furthermore, any account changes requiring SMS verification trigger additional confirmation through email and Steam secure messages," the company emphasized.
Valve seized the moment to reinforce the importance of enabling Steam Mobile Authenticator for two-factor authentication, calling it "the most effective method for receiving secure account notifications."
With data breaches becoming increasingly common and Steam's 89 million-strong userbase, the initial concerns were justified. The gaming industry's most notorious security incident dates back to 2011 when PlayStation Network suffered a month-long outage affecting 77 million accounts.
Compromised data extends beyond consumers—last October saw Pokémon developer Game Freak experience a serious intrusion exposing employee records and development roadmaps. Similarly, in 2023, Sony acknowledged breaches affecting 7,000 current and former staff members, while December that year witnessed confidential leaks from Insomniac Games, developers of Marvel's Spider-Man.
