You should probably change your Steam password: data from over 89 million Steam users is reportedly on the dark web following a vendor breach
3 minute readPublished: Wednesday, May 14, 2025 at 11:18 am
Steam Users: Urgent Action Needed After Massive Data Breach
Gamers, listen up! A massive data breach has potentially exposed the login credentials of over 89 million Steam users, representing a staggering 70% of the platform's active user base. This alarming news stems from a breach at a vendor that Valve, the company behind Steam, may have previously collaborated with.
The information, initially brought to light by Mellow_Online1 on Twitter, reveals that a hacker, known as Machine1337, is selling the compromised data on a dark web forum. The leaked data reportedly includes more than just usernames and passwords. Underdark AI's analysis suggests the breach also encompasses two-factor SMS logs, message contents, metadata, and delivery status. This means hackers could potentially access sensitive information, including your Steam account's two-factor authentication (2FA) codes.
While the exact nature of the compromised data remains unclear, the sheer scale of the breach necessitates immediate action. It's crucial to change your Steam password immediately. This is a critical step to protect your account from potential unauthorized access.
Furthermore, enable Steam Guard (2FA) on your account if you haven't already. This adds an extra layer of security by requiring a code from your phone to log in. Also, be vigilant and only use codes sent at the moment you initiated the request.
This breach highlights the importance of strong password practices and the potential risks associated with third-party vendors. While Steam itself appears to be secure, the vendor's vulnerability has created a significant threat to millions of users. Take these precautions now to safeguard your account and gaming experience.
Keywords: Steam, data breach, password, security, Steam Guard, two-factor authentication, 2FA, hacker, leak, usernames, passwords, vendor, compromised, gaming, online security, account security, Valve, Machine1337, Underdark AI, dark web, SMS logs, metadata