Breach cyber

Valve

May 15, 2025 1 min read
Valve

Valve has reported a leak of old text messages sent to Steam customers containing one-time codes for logins. The leak involved 89 million user records, which included historic SMS text messages with one-time passcodes for Steam, along with the recipient’s phone number. Valve clarified that the leaked data did not associate the phone numbers with Steam accounts, password information, payment information, or other personal data. The one-time codes were only valid for 15-minute time frames and cannot be used to breach the security of Steam accounts. Valve recommends setting up the Steam Mobile Authenticator but assured users that they do not need to change their passwords or phone numbers.

Source: https://www.theverge.com/news/667426/valve-steam-leak-breach-rumor

TPRM report: https://scoringcyber.rankiteo.com/company/valve-corporation

"id": "val737051525",
"linkid": "valve-corporation",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 89000000,
                        'industry': 'Gaming',
                        'name': 'Valve',
                        'type': 'Company'}],
 'attack_vector': 'Leak of SMS one-time codes',
 'customer_advisories': ['Set up Steam Mobile Authenticator',
                         'No need to change passwords or phone numbers'],
 'data_breach': {'number_of_records_exposed': 89000000,
                 'type_of_data_compromised': ['one-time passcodes',
                                              'phone numbers']},
 'description': 'Valve has reported a leak of old text messages sent to Steam '
                'customers containing one-time codes for logins. The leak '
                'involved 89 million user records, which included historic SMS '
                'text messages with one-time passcodes for Steam, along with '
                'the recipient’s phone number. Valve clarified that the leaked '
                'data did not associate the phone numbers with Steam accounts, '
                'password information, payment information, or other personal '
                'data. The one-time codes were only valid for 15-minute time '
                'frames and cannot be used to breach the security of Steam '
                'accounts. Valve recommends setting up the Steam Mobile '
                'Authenticator but assured users that they do not need to '
                'change their passwords or phone numbers.',
 'impact': {'data_compromised': ['one-time passcodes', 'phone numbers']},
 'recommendations': ['Set up Steam Mobile Authenticator'],
 'response': {'communication_strategy': ['Recommendation to set up Steam '
                                         'Mobile Authenticator',
                                         'Assurance that passwords and phone '
                                         'numbers do not need to be changed']},
 'title': 'Valve Steam SMS One-Time Code Leak',
 'type': 'Data Leak'}
Published by
Jeremy C
Jeremy C
You might also like
Breach cyber

WestJet

public 1 min read
WestJet, Canada's second-largest airline, is investigating a cyberattack that has disrupted access to some internal systems and the…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.