89 million Steam accounts reportedly leaked. Change your password now. [Updated]

Editor’s note: The reported Steam account leak isn’t as big as it first appeared. Valve spokesperson Kaci Aitchison Boyle confirmed to Mashable that there was a breach, but that “this was NOT a breach of Steam systems” (emphasis original).

“The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data (emphasis original) said Aitchison Boyle. The company is still looking into the source of the leak. Mashable has a full story on the Steam breach update.

You can read our original report below.

The account details of 89 million Steam users have reportedly been hacked.

Although how the breach happened is unclear, this is a good time to change your password and enable two-factor authentication.

The past Sunday, cybersecurity firm Underdark posted on LinkedIn about a data breach. That post was then picked up and widely spread by gaming-focused X user Mellow_Online1, as reported by tech outlet XDA. According to Underdark’s post, “a threat actor going by Machine1337 posted on a well-known dark web forum claiming to have breached Steam, offering a dataset of over 89 million user records for $5,000.”

This Tweet is currently unavailable. It might be loading or has been removed.

This claim from Machine1337 reportedly also included a Telegram contact, a link to sample data, and internal vendor data “indicating deeper access.”

The breach was believed to have come from a third party service, not directly from Steam. Initially, Mellow_Online1 thought it was from a vendor called Trillio. But Valve, Steam’s parent company, confirmed to Mellow_Online1 that it doesn’t use Trillio.

Details are hazy at this point. In the meantime, Steam users are advised to change their password, turn on 2FA, check their email for any suspicious activity, and be extra vigilant about phishing scams that seem to be related to Steam.

Have a story to share about a scam or security breach that impacted you? Tell us about it. Email [email protected] with the subject line “Safety Net” or use this form. Someone from Mashable will get in touch.

UPDATE: May. 15, 2025, 10:45 a.m. EDT This article has been updated with additional information and a response from Steam. We also removed a sentence from our original story now that Steam has responded to our request for comment.