Valve denies steam data breach after hacker’s claims surface

American video game developer Valve Corporation has officially denied reports that its gaming platform, Steam, was compromised, following claims by a cybercriminal who alleged possession of 89 million user records. The claims, which initially sparked alarm among the gaming community, suggested that a massive trove of sensitive user data was being sold on the dark web. However, a closer examination by Valve revealed no evidence of a breach within its systems.

The situation gained attention when a known threat actor listed a purported Steam database for sale, containing user information including phone numbers and one-time access codes. The hacker was reportedly seeking $5,000 for the entire dataset—a surprisingly low price considering the alleged scope of the leak.

Early speculation pointed to third-party service providers, including Twilio, which supplies one-time passcode services. Twilio promptly issued a statement denying any breach on its end. Valve has now corroborated that position, confirming in an official post that Steam’s infrastructure remains secure.

“We have examined the leak sample and have determined this was NOT a breach of Steam systems,” Valve stated. The company also clarified that the leaked data did not link phone numbers to specific Steam accounts and contained no passwords, payment information, or personally identifiable details.

The source of the leaked data remains unidentified, but analysts now believe the severity of the situation was overstated. The one-time access codes referenced in the leak are time-sensitive and expire within 15 minutes, rendering them essentially useless after that window. Furthermore, without account associations, the data is largely ineffective for malicious purposes.

Despite the absence of a confirmed breach, Valve has encouraged users to review their account security practices. Users are advised to strengthen passwords—especially if the same credentials are used across multiple platforms—and consider using password management tools to enhance security.