Steam Data Breach, A False Alarm

Four days ago, the cybersecurity firm Underdark, shared a LinkedIn post regarding a claim made by the user Machine1337 on a prominent hacker forum, stating that they had compromised Steam and were offering a database containing over 89 million user records, including phone numbers and passwords, for $5,000.

A user named Mellow_Online1 on X (Twitter) has also reported the data breach,

Yesterday, an alleged major @Steam data breach occurred, compromising over 89 million user records (roughly two-thirds of all Steam accounts).

These datasets are being sold for over $5,000 on what appears to be a site akin to Mipped.

Mipped alongside their sister sites is a…

— Mellow_Online1 (@MellowOnline1) May 11, 2025

Mellow_Online1 suggesting it originated from a third-party service called Trillio. However, Valve confirmed to Mellow_Online1 they don't use their services.

Weirdly, Steam has acknowledged a vendor breach involving SMS logs containing 2FA codes had been exposed and is currently investigating the source of the leak. Steam stated, 'We have examined the leak sample and have determined this was NOT a breach of Steam systems.' Additionally, Steam has advised users to regularly check their account security at the provided website. https://store.steampowered.com/account/authorizeddevices