Excerpt from CNET Article, Published on May 14, 2025.
A massive Steam data breach has reportedly compromised the information of 89 million user accounts, sparking widespread concern across the global gaming community. According to cybersecurity firm Underdark, which first disclosed the incident on LinkedIn, the leaked data appeared for sale on the dark web, allegedly including users’ phone numbers and one-time passwords. The data leak is currently being auctioned for $5,000, raising serious alarms about the scope and potential misuse of the stolen information.
While Valve, the company behind Steam, has not yet confirmed the breach or responded to media inquiries, the alleged data breach could have far-reaching consequences. As of this writing, Steam reports over 30 million concurrent users online, underlining the platform’s massive global footprint and the scale of risk this data leak presents. The incident underscores growing cybersecurity vulnerabilities in gaming platforms, where personal and financial information is often linked to user accounts. Experts are urging Steam users to act immediately. The first step is to change passwords, followed by enabling two-factor authentication (2FA) via phone and email. Although Steam does not support hardware security keys, its built-in 2FA offers a significant layer of protection against unauthorized access.
Users should also monitor their emails and phones for unusual activity. If any unrequested one-time password messages are received, it could indicate attempted unauthorized access. In such cases, changing the password again is highly recommended. Additionally, gamers should stay alert for phishing messages disguised as promotions or Steam offers, which could be traps designed to harvest more sensitive data. This alleged Steam data breach and data leak serves as a wake-up call not just for gamers but for the entire digital entertainment industry. As platforms become more interconnected, protecting user data must become a top priority.
To delve deeper into this topic, please read the full article CNET.
