Did Steam passwords get leaked? Official statement and everything we know about the alleged 2FA codes breach

Did Steam passwords get leaked? (Image via Steam)

Alarming claims surfaced online on May 13, 2025, alleging a massive data breach affecting millions of Steam users. The leak reportedly involved sensitive account details and even two-factor authentication (2FA) codes, causing widespread concern among gamers. Many Steam users were wondering whether their passwords had been leaked online.


So, how serious is the situation, and did Steam accounts actually get compromised? Here’s everything you should know about this incident, from the alleged data breach to statements on the situation from official sources.


Leaks surface about 89 million Steam accounts impacted after major data breach

The entire gaming community broke into a panic after reports began spreading across social media about a large-scale data dump. Many cybersecurity accounts and data-leak monitors reported that around 89 million Steam accounts were compromised.


The initial source for this alleged data breach was a post from the LinkedIn account Underdark.ai. The post claimed a threat actor known as Machine1337 offered a dataset of over 89 million breached Steam accounts for $5,000 on a well-known dark web forum.

The leak gained more attention when an independent games journalist, Mellow_Online1, posted about the alleged Steam breach.


These posts, when combined with the leaked files circulating on dark web forums, sparked immediate concern over whether Valve’s gaming platform had been compromised.


Not Steam, but the external 2FA code service it relies on was actually breached

More reports later emerged on the alleged major Steam data breach, clarifying that it wasn’t a direct breach of Steam itself. Instead, it was an external service that Steam relies on that was impacted. Those new reports showed some SMS logs that are used in two-factor authentication.


It was later revealed that Twilio, a major cloud communications company that provides programmable communication tools, was breached. Twilio is also the parent company of the Authy 2FA app, which allows Steam users to generate 2FA codes as an added layer of login security.


Although Steam didn't directly lose control of its internal user database, hackers could have used the leaked data to phish users. Attackers could have also intercepted 2FA codes to bypass login protection.


Were Steam passwords really leaked?

The biggest question that every Steam user has is whether their Steam passwords were actually compromised due to the Twilio data breach. It seems that might not be the case, as the major cloud communication company rejected the data breach reports in an official statement to BleepingComputer.


If this statement is true, it would mean Steam passwords and 2FA codes have not been leaked. As of this writing, there have been no official statements from Valve on this matter. Moreover, Mellow_Online1 claimed to have been approached by Valve, who stated they don't use Twilio.

As a Steam user myself, I haven't experienced any signs of unusual platform activity or forced password resets so far. However, we recommend changing your Steam password and revoking access to unknown devices or devices you no longer use. Your Steam account should be fine now, but we still advise being wary of unusual activities.


Edited by Ripan Majumdar