Valve Confirms: No Steam User Data Breach
- By Riley
- May 20,2025
Valve has firmly refuted recent reports suggesting its Steam platform experienced a "major" data hack, emphasizing that there was "NOT a breach" of Steam systems.
Despite concerns from some users that over 89 million user records may have been compromised, Steam's detailed investigation concluded that the incident involved only a leak of "older text messages." These messages contained one-time code SMSs but did not include any personal data.
In a statement released on Steam, Valve explained that after a thorough review of the leaked data, it confirmed that customer data remained secure. "The leak consisted of older text messages that included one-time codes, valid only for 15-minute time frames, along with the phone numbers they were sent to. Importantly, the leaked data did not link the phone numbers to any Steam account, nor did it include passwords, payment information, or other personal data," the company stated.
Valve further reassured users that "old text messages cannot be used to breach the security of your Steam account." They highlighted that any attempt to change a Steam email or password using SMS would trigger a confirmation sent via email and/or Steam secure messages.
Taking this opportunity, Valve encouraged players to enhance their account security by setting up the Steam Mobile Authenticator, describing it as "the best way to send secure messages about your account and ensure its safety."
The concern over this potential breach is understandable, given the increasing frequency of data breaches and the large user base of Steam, which exceeds 89 million accounts. Historical incidents, such as the notorious 2011 breach affecting PlayStation 3 and PlayStation Portable networks, which compromised 77 million accounts and led to a nearly month-long service outage, underscore the severity of such threats.
Moreover, recent breaches have not been limited to customer data. For instance, in October of last year, Pokémon developer Game Freak was significantly hacked, resulting in leaks of data concerning its staff and development pipeline. Similarly, in 2023, Sony disclosed that data of nearly 7,000 current and former employees was compromised in two separate breaches. Additionally, in December 2023, hackers accessed confidential data at Marvel's Spider-Man developer, Insomniac, highlighting the ongoing risks to data security in the gaming industry.
