Yesterday, news broke that more than 89 million Steam accounts had been put up for sale on the dark web, prompting users to rush to change their passwords. Steam says that’s false and that you don’t need to worry about your account. Although there was a leak, it wasn’t one that would compromise the security of your PC game library.
Steam says that although a leak did take place, it was not a breach of the Steam systems. “We’re still digging into the source of the leak, which is compounded by the fact that any SMS messages are unencrypted in transit, and routed through multiple providers on the way to your phone,” the announcement reads.
“The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data. Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages.”
This confirmation means that, at worst, you might get spam text messages from the leak of your phone number. Since the security codes only last for 15 minutes, they were outdated and useless almost immediately. Valve says there is no need to change your password at this time, but suggests users treat any uninvited account security messages as suspicious.
While this hack might have been a false alarm, it’s a reminder that cybersecurity is an ever-changing field. Always choose a strong, secure password or use a password manager. For many gamers, their Steam library represents hundreds or thousands of hours of playtime. That’s not something you want to put at risk.
