89 million Steam passwords leaked!

Now is a good time to change your password in Steam and add 2FA.

https://www.xda-developers.com/89-million-steam-account-details-leak

1 Like

Bump --- This is important!

2 Likes

It seems no data that would let anyone into your account (passwords) was leaked. Phone numbers are the only worrying part that was leaked, so beware of phishing phone calls and unwanted SMS. But other than being careful with that, it doesn't appear to be as serious as if the passwords or the emails got leaked.

Still... it IS a good idea to change passwords from time to time, and now more than ever it's better to be excessively safe than sorry.

3 Likes

No passwords were leaked. One-time codes sent via SMS were leaked, along with the phone numbers to which those codes were sent. The account names involved were not leaked, so this is actually a very low risk hack. That said, SteamGuard is a good thing that anyone who can use, should.

Source:

2 Likes

One-time-only codes have a half-life; just as has been said above, they can't be used by hackers to gain access to your account.

Regarding phone numbers, every hacker and call center in India has everyone's phone numbers already. The days of private phone numbers are long gone.

Also, as has been said above, just be vigilant when unknown phone calls or text messages roll in. I personally report and block them.

As to who's at fault for the breach, nobody appears to be admitting fault; it's a lot of who shot John. (Judge Judy reference)


Thanks for sharing. I'd rather be safe than sorry, so I went ahead and set a new password. According to my password manager, this is my first password change in 5 years!

Thanks for sharing this!
Even though it looks like no actual passwords were leaked, it's still smart to stay cautious. Phishing attempts via SMS or calls might increase, so watch out for anything suspicious.

Also, it's a good reminder for everyone to:

  • Change passwords regularly
  • Enable Steam Guard / 2FA for extra protection
  • Avoid clicking on random links, especially in texts or emails

Better to stay safe now than regret later!

1 Like

While this is a good idea in theory, it's been a while since the NIST has stopped recommending this as being counterproductive. People tend to use easy-to-guess variations of the same password over and over, which makes them much easier to guess through social engineering, or from previous breaches.

3 Likes

Good advice on 2FA here:

Steam Guard is a great feature, but I didn’t have the best experience with it.
I lost the phone that had my Steam Guard, and with it, access to my account.
For almost two months I was messaging support pretty much every day and going back and forth with the admins.
It took a lot of effort to convince them the account was really mine — I had to provide all sorts of confidential info — but eventually I got it back.
I don’t think I’ve ever been happier in my life at that moment.
So yeah, if you’re using Steam Guard, don’t lose your phone.

I know SteamGuard can also be configured for email based verification. I'm at work at the moment, so I can't check whether or not it can be configured to use a mobile device with email as a fallback, but if it can, that might save others your grief.

My sympathies. Valve did the right thing subjecting you to scrutiny under the circumstances, but that doesn't make it any less frustrating or scary. I've had a Steam account since Steam came out. Losing it after so many years and hundreds of games is horrifying to consider.

I don’t think this was always possible, but you can also generate backup codes for Steam Guard.