Massive Data Breach: 89 Million Steam Accounts hacked
If you’re a PC gamer, you’ve probably seen some alarming headlines claiming that 89 million Steam accounts were hacked. But before you panic, let’s break down what’s actually happening.
The buzz started after someone posted on a dark web forum, claiming to have leaked records from millions of Steam accounts—allegedly including one-time codes used for two-factor authentication (2FA). Sounds serious, right?
However, when cybersecurity site BleepingComputer reached out to Twilio—a third-party service that handles 2FA text message codes for many platforms—Twilio said it found no evidence of a breach or data leak.
Adding to the confusion, a user on X (formerly Twitter) named Mellow_Online1 said they contacted Valve and were told there’s no relationship between Steam and “Trillio.” (It’s likely this was a typo and they meant Twilio, as clarified in a follow-up post.)
So what’s the deal? According to BleepingComputer, the data may point to a potential weakness in the text message delivery chain—one of the main reasons security experts warn against using SMS for 2FA. In fact, there are three major risks with SMS-based 2FA:
-
Text messages can be intercepted or redirected.
-
Hackers can hijack your phone number.
-
Weaknesses in the SMS system can expose 2FA codes.
To be clear: this doesn’t appear to be a Steam or Valve issue. It highlights the broader vulnerabilities in how SMS-based 2FA works.
Even if this specific incident doesn’t turn out to be a serious breach, your account may still be at risk for other reasons—like a weak password or not having 2FA enabled at all. With the power of modern GPUs, many passwords can be cracked in seconds.
What should you do?
-
Use a strong, unique password for your Steam account.
-
Enable two-factor authentication—preferably with an app like Authy or Google Authenticator, rather than SMS.
Stay informed, but don’t fall for the panic.