89 Million Steam Accounts Leaked: What Happened and How to Protect Yourself
Steam users worldwide are on edge after reports revealed that 89 million Steam accounts leaked in a recent security incident. The event has sparked immediate concern about user safety, data security, and the steps every gamer should take to stay protected. Here’s what you need to know, how to check if you might be affected, and the best practices to secure your account.
What We Know About the 89 Million Steam Accounts Leak
In early May 2025, cybersecurity researchers and gaming communities reported that a threat actor claimed to possess data from 89 million Steam users. The leak allegedly includes one-time passwords, phone numbers, and potentially other sensitive details.
The initial report, highlighted by Mashable, states that a hacker going by the name "Machine1337" offered the database for sale on a popular dark web forum. The claim circulated widely in the online gaming community, causing anxiety among Steam’s 120 million monthly active users.
While the root cause is still under investigation, experts believe the breach might have occurred through a third-party service involved in Steam's authentication process. Valve, Steam’s parent company, has not confirmed the full details but is actively looking into the matter.
Twilio and the Supply Chain Connection
Some experts, including independent watchdogs, speculated the source could be linked to communication vendors such as Twilio, who provide SMS-based two-factor authentication (2FA) services for Steam. However, BleepingComputer reports that Twilio has strongly denied its systems were compromised. Instead, it’s possible that an intermediary SMS platform may have been the real target.
This supply chain angle is a reminder that breaches don’t always need to happen at the main service provider. Third-party vendors often present vulnerabilities. The investigation continues, and users are urged to monitor updates from reputable sources.
How the Leak May Affect You
According to the threat actor’s claims, leaked information could include:
- Usernames and Steam IDs
- Registered phone numbers
- One-time 2FA codes
The sample data contains recent SMS authentication codes and delivery times. This raises the risk of account takeover, identity theft, and targeted phishing attempts.
What Should Steam Users Do Now?
If you have a Steam account, it’s important to act quickly. Here are the best steps to stay safe:
- Change Your Password Immediately: Make your new password strong and unique. Avoid reusing old passwords or using the same one on other sites. CNET’s guide on how to protect your Steam account offers practical tips for strong passwords and security.
- Enable Two-Factor Authentication: Use the Steam Guard Mobile Authenticator if you haven't already. While SMS-based 2FA is helpful, app-based verification is more secure.
- Be Wary of Phishing Attempts: Attackers may try to trick you with emails or messages pretending to be Steam support. Double-check the sender and never click suspicious links. Mashable warns users to stay vigilant for phishing scams.
- Monitor for Unusual Activity: Keep an eye on your account for unauthorized logins, password reset requests, or new device access. React quickly to any suspicious changes.
Conclusion: Stay Proactive Against Data Breaches
While the full extent of the 89 million Steam accounts leaked incident is still unfolding, there’s no time to delay your personal security audit. Change your password, enable the strongest two-factor authentication available, and stay alert for phishing scams. Cybersecurity is always evolving, and staying informed is your best defense.
If you want more in-depth technical details or updates on the ongoing investigation, check out BleepingComputer’s full coverage. Don’t let your digital entertainment be a security risk—take these essential steps to keep your account safe today.