89 Million Steam Accounts Leaked: What Happened and How to Protect Yourself
Steam login security warning image referencing the 89 million Steam accounts leaked.
The gaming world was rocked in May 2025 when news broke that 89 million Steam accounts leaked in an apparent data breach. Steam, owned by Valve Corporation, is the largest digital distribution platform for PC games, serving millions of players worldwide. If you’re a Steam user, understanding what happened and how to protect yourself is critical.
The Story Behind the Steam Account Leak
A threat actor using the alias Machine1337 claimed to possess over 89 million Steam user records, allegedly including sensitive information like one-time access codes. This dataset was offered for sale on a dark web forum for $5,000. Cybersecurity experts and journalists began to investigate, quickly discovering that some of the leaked data included SMS text messages with one-time passcodes sent to Steam users (BleepingComputer).
However, the initial fear that Steam itself suffered a direct breach was soon questioned. Valve responded to the rumors by clarifying that “this was not a breach of Steam systems.” According to Valve, the leak consisted of older SMS messages containing time-limited one-time codes and recipient phone numbers. Crucially, the data did not contain passwords, payment information, or other personal details (The Verge).
Third-Party Vendors and Ongoing Investigations
So where did the data come from? Investigations suggest the leak may have originated from a third-party service involved in the delivery of Steam’s SMS messages, rather than from Steam or Valve itself. Twilio, a major cloud communication provider, was briefly speculated to be involved, but the company categorically denied any breach. Twilio’s spokesperson confirmed that their review found no link between their systems and the leaked data (BleepingComputer).
According to Mashable, the breach highlighted the risks of relying on third-party vendors for critical security services. Details remain hazy, but the incident underscores the importance of reviewing your account’s security features whenever large-scale leaks are reported.
What Steam Users Should Do Now
Although Valve stated that passwords and account details are secure, Steam users are still advised to:
- Change your Steam password and make sure it’s unique.
- Enable two-factor authentication (2FA) using the Steam Guard Mobile Authenticator for stronger security. This method is more secure than SMS-based codes.
- Monitor your account activity and watch for suspicious logins or transactions.
- Stay alert for phishing schemes. Attackers may use news of the 89 million Steam accounts leaked to craft convincing scams targeting affected users.
Valve has reassured its community that "old text messages cannot be used to breach the security of your Steam account," but added that they’re actively investigating the source of the leak (The Verge). Until the full picture emerges, it’s best to take proactive security steps.
Conclusion: Stay Vigilant and Secure
The 89 million Steam accounts leaked event serves as a stark reminder of the ongoing risks in our digital lives. Major platforms like Steam are frequent targets for cybercriminals, but individual action matters. By keeping your account secure and staying informed, you can significantly reduce your risk.
For ongoing updates and expert advice, refer to outlets like BleepingComputer and Mashable. If you believe your Steam account has been compromised, act swiftly and contact Steam Support.