Valve has officially denied claims of a major data breach involving its popular gaming platform, Steam, following widespread concerns that a database containing information on over 89 million users was being sold on the dark web. The company has clarified that no breach of Steam’s internal systems has taken place.
The rumors began circulating after a LinkedIn post by cybersecurity firm Underdark.ai, which alleged that a dark web forum user was offering a Steam user database for sale for $5,000. The listing reportedly included a sample dataset and a Telegram contact number, raising alarm among users and prompting speculation about a potential leak of sensitive personal information.
Responding to the situation, Valve issued a detailed statement, confirming that its internal investigation had found no evidence of any unauthorized access to Steam’s infrastructure. The company emphasized that the sample data did not originate from Steam’s systems and appeared to consist of old SMS logs used for two-factor authentication (2FA) purposes. These messages typically contain temporary verification codes that expire within 15 minutes and are not linked to passwords, financial data, or other critical user information.
“The sample reviewed shows expired SMS-based 2FA codes, not tied to any current access methods or user data,” Valve stated. “There is no risk to Steam users from this data, and no action is required on their part.”
READ MORE: India Plans to Increase Indus Water Usage Amid Tensions with Pakistan
Valve further reassured its community that all changes to account settings, including password updates and phone number changes, require multiple layers of verification—typically through email or Steam Guard. Because of this security protocol, the leaked SMS data poses no threat to user accounts.
Despite the false alarm, Valve took the opportunity to remind users of best practices in account security. The company advised players to regularly review authorized devices, avoid sharing login credentials, and enable Steam Mobile Authenticator for enhanced protection against unauthorized access.
This incident underscores the importance of verifying claims of data breaches through official sources before taking action. Valve’s swift and transparent communication has helped ease user concerns and maintain confidence in Steam’s platform security.
