Valve Corporation

Valve Corporation, the owner of Steam, faced a potential breach involving the leak of 89 million Steam user records with one-time access codes. The data was advertised for sale by a threat actor known as Machine1337. A sample of 3,000 records, containing historic SMS text messages with one-time passcodes for Steam, was examined by BleepingComputer. The incident is suspected to be a supply-chain compromise involving Twilio, a cloud communications company providing APIs for SMS and 2FA messages. Twilio denied any breach, but acknowledged investigating the situation. The data's origin is unclear, but it may come from an SMS provider intermediating communication between Twilio and Steam users. Steam users are advised to enable Steam Guard Mobile Authenticator for added security.

Source: https://www.bleepingcomputer.com/news/security/twilio-denies-breach-following-leak-of-alleged-steam-2fa-codes/

TPRM report: https://scoringcyber.rankiteo.com/company/valve-corporation

"id": "val546051425",
"linkid": "valve-corporation",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 89000000,
                        'industry': 'Gaming',
                        'name': 'Valve Corporation',
                        'type': 'Company'}],
 'attack_vector': 'Supply-chain compromise',
 'customer_advisories': ['Enable Steam Guard Mobile Authenticator'],
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['SMS text messages'],
                 'number_of_records_exposed': 89000000,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['One-time access codes',
                                              'Historic SMS text messages with '
                                              'one-time passcodes']},
 'description': 'Valve Corporation, the owner of Steam, faced a potential '
                'breach involving the leak of 89 million Steam user records '
                'with one-time access codes. The data was advertised for sale '
                'by a threat actor known as Machine1337. A sample of 3,000 '
                'records, containing historic SMS text messages with one-time '
                'passcodes for Steam, was examined by BleepingComputer. The '
                'incident is suspected to be a supply-chain compromise '
                'involving Twilio, a cloud communications company providing '
                'APIs for SMS and 2FA messages. Twilio denied any breach, but '
                "acknowledged investigating the situation. The data's origin "
                'is unclear, but it may come from an SMS provider '
                'intermediating communication between Twilio and Steam users. '
                'Steam users are advised to enable Steam Guard Mobile '
                'Authenticator for added security.',
 'impact': {'data_compromised': ['One-time access codes',
                                 'Historic SMS text messages with one-time '
                                 'passcodes']},
 'initial_access_broker': {'data_sold_on_dark_web': True},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'corrective_actions': ['Enable Steam Guard Mobile '
                                                   'Authenticator'],
                            'root_causes': 'Supply-chain compromise'},
 'recommendations': ['Enable Steam Guard Mobile Authenticator'],
 'references': [{'source': 'BleepingComputer'}],
 'response': {'remediation_measures': ['Enable Steam Guard Mobile '
                                       'Authenticator']},
 'threat_actor': 'Machine1337',
 'title': 'Steam User Records Leak',
 'type': 'Data Breach'}