As a PC gamer, you might have heard some chatter online about Steam—apparently, 89 million Steam accounts have been hacked. But don’t freak out just yet.
The rumors started from a post on the dark web where a hacker claimed to have data from millions of Steam accounts, including the one-time codes for two-factor authentication (2FA). Sounds pretty scary, right? But when Twilio, the company that handles the 2FA text messages for Steam, was asked about it, they said they didn’t find any evidence of a breach or leak.
However, some media outlets have run with the story, including a follow-up from a Twitter user who goes by Mellow_Online1. They claim that Valve, the company behind Steam, said there’s no connection between Steam and “Trillio” (which is probably just a typo for Twilio).
So what’s the real deal? Well, according to BleepingComputer, this could point to a flaw in how text messages are delivered, which is one of the reasons security experts don’t recommend using SMS for 2FA. (The other two reasons being someone could steal your phone number or redirect the codes to their own device without you knowing.) It’s not really Valve’s fault, though. It’s just a weakness in how text messaging works in general.
Update (5/14/2025, 3:20pm PT): Valve has confirmed that no Steam systems were breached and the leaked data doesn’t link phone numbers to Steam accounts, passwords, payment info, or other personal data. They advise users to be cautious of any security messages they didn’t request, like asking for a 2FA code or making account changes.
While this situation might not be a big deal, your account could still be vulnerable for other reasons. Your password might not be as strong as you think (especially with how fast GPUs can crack passwords these days). And you probably haven’t set up two-factor authentication yet.
So, beef up your password with something tough, random, and unique. Turn on Steam Guard ASAP. And switch to using the Steam Mobile App for your 2FA codes for better security.
Already have a strong password and Steam Guard set up? Consider changing your password anyway (should be quick if you use a password manager) and switch to the Steam Mobile App for 2FA if you haven’t already. While you’re at it, check the list of devices connected to your account and remove any you don’t recognize.
You might not trust everything you see on the dark web, but improving your security is something you can definitely take control of and prioritize. So, don’t delay—protect your Steam account now!
