An alleged data leak on the Steam game platform is said to contain 89 million data records-a stranger has been trying to sell it in the Darknet for $ 5,000 since last Saturday. But the response is mau and the explosiveness of the data is questionable.
In the Darknet, data from attacks against game publishers and sales platforms are always circulating. Particularly popular: market leader Steam, who has over 130 million customers. In addition to credit card or PayPal payment information, there are also virtual collectibles for criminals in Steam accounts that can bring in full sums. The user sales offer “Machine1337” in a relevant forum therefore quickly caused excitement in Clearweb: he wanted to have captured 89 million data records and now sell for $ 5,000.
In Darknet marketplaces, the word “data record” (English record) often stands for individual data lines, but not for different accounts. So here too: What Machine1337 Feil offers is apparently protocols of shipping two-factor SMS to Steam users. In a three -thousand lines, around 1,800 different Portuguese phone numbers and metadata can be found via the shipping, the costs and the text of the SMS sent. The authenticity of the data cannot be checked independently, but at first glance the file looks plausible.
The reactions in the forum are therefore rather undermined: “There was a lot of hype, but in fact it was just a storm in the water glass” (the Russian idiom “пук в лусures” literally means “a fart in a puddle”) is an opinion.
Non -number not included, access data does not
The data record contains phone numbers and (expired) one-off codes, but no references to access data such as user name, Steam-ID or even password-hashes. It seems questionable whether Steam customers should change their passwords as a precaution or install the “Steam Guard” security app.
However, if you recently used the data in the recent past-some of the data came from March 2025-SMS codes as a second factor for registration with Steam, you should take a closer look at text messages on the affected mobile device in the future. Cybercriminals could use the captured phone numbers to put on convincing phishing campaigns that wave with steam vouchers or threaten to block them.
Origin unclear – twilio and steam deny
The data apparently comes from SMS shipping via the service provider Twilio, which, however, a security incident compared to Bleeping Computer denied. Steam operator Valve also denied, initially in Bausch and Bogen a collaboration with Twilio. In one opinion The platform operator explains on Thursday evening to look for the source of the leak. In addition, the security of Steam accounts is not at risk, according to the explanation: “The leaked data is not suitable to connect the telephone numbers with a specific steam account, password information, payment information or other personal data.”
The source of the leak is still unknown – the transmission protocols may have been lost at a service provider.
Steam is one of the largest marketplaces for PC games, but customers only acquire a right of use that expires if the Steam account is deleted or hacked. In a c’t article, we explain how to acquire PC games on other download platforms and keep it forever.
Discover more from Apple News
Subscribe to get the latest posts sent to your email.