A significant security concern has emerged as reports indicate that a dataset containing details from 89 million Steam accounts is allegedly for sale on the dark web. A post by a user identified as Machine1337 on a prominent dark web forum claims to have breached Steam’s security, offering this vast amount of user data for $5,000. The post, highlighted by the LinkedIn user Underdark.AI, details a Telegram contact for purchase and includes a link to sample data housed on Gofile.
Further updates to the original claim reveal that the dataset purportedly contains real-time two-factor authentication (2FA) SMS logs routed through Twilio, including message contents and metadata. This suggests that the breach may stem from a compromise within the supply chain rather than direct access to Steam’s servers, raising significant concerns about user security vulnerabilities such as phishing or session hijacking.
Interestingly, a user identified as Mellow_Online reported being contacted by a Valve representative who clarified that they do not utilize Twilio, the data vendor mentioned in the initial post. The discrepancy raises questions about the authenticity of the claims regarding the data breach.
While the nature of the dark web can be alarming, the true extent of the breach remains under investigation. Users are advised to consider updating their passwords as a precautionary measure. This incident serves as a reminder of the ongoing importance of cybersecurity and vigilance in safeguarding personal information online. The hope is that this situation will encourage users and companies alike to enhance their protective measures against potential threats.