Steam hacked: passwords leaked (debunked)

Well I hope whoever paid $5000 for fake stolen steam accounts contests the charge with their credit card issuer because what a scam
 
(debunked) 3

gaben.gif
 
This sort of thing is why 2FA at a minimum needs to be standard for account security on all services/sites.

If available, passkeys offer even more security than standard 2FA as there is no password or 2FA code to be compromised, and the originating key never leaves your devices, making it impervious to phishing attempts.

As a bonus: all of the consoles offer passkeys for additional security (PlayStation, Xbox, and even Nintendo).
 
Places that hold your personal information don't like admitting they fucked up. Many of the hacks on other sites in the last decade or so gave warning weeks after it happened. It's almost like it's bad for their business 🤔.
Once a company learns of the breach/hack/leak, there is an investigative process. They have to close the leak/hack/breach, figure out what was compromised, then review with their insurance/investigators/etc. on what they are liable for based on the severity of the leak. That is why it takes so long. If no customer data was compromised, you will never hear about it. Names, addresses, and maybe phone numbers do not count since those are public record. This is for U.S. companies/laws. Not sure how it is for other countries.
 
I would suggest if you haven't changed your password in a while that you do it anyway. No sense not to if you haven't changed the password in over a year anyway. I think it's been six months for me, but I will do it anyway since I want to be protected as much as I can be.
 
I would suggest if you haven't changed your password in a while that you do it anyway. No sense not to if you haven't changed the password in over a year anyway. I think it's been six months for me, but I will do it anyway since I want to be protected as much as I can be.
Why should a password become "weaker" over time?
If the password still meets the current security requirements and is only used exclusively once on the platform, I see no problem in keeping my 15-year-old password
 
Why should a password become "weaker" over time?
If the password still meets the current security requirements and is only used exclusively once on the platform, I see no problem in keeping my 15-year-old password
The problem is, things can be hacked at any time and they may not even discover it till later. It's happened on many services. You're free to do what you wish, but I would rather ere on the side of caution than not.
 

Yesterday we were made aware of reports of leaks of older text messages that had previously been sent to Steam customers. We have examined the leak sample and have determined this was NOT a breach of Steam systems.

We're still digging into the source of the leak, which is compounded by the fact that any SMS messages are unencrypted in transit, and routed through multiple providers on the way to your phone.

The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data. Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages.

From a Steam perspective, customers do not need to change their passwords or phone numbers as a result of this event. It is a good reminder to treat any account security messages that you have not explicitly requested as suspicious. We recommend regularly checking your Steam account security at any time at https://store.steampowered.com/account/authorizeddevices.

We also recommend Steam users set up the Steam Mobile Authenticator if they haven't already, as it gives us the best way to send secure messages about their account and that account's safety.

Nothing To See Here GIF by Giphy QA
 
Still serves as a good reminder to use authenticator/other 2FA systems, and then make your life easier with a password manager.
 
"You do not need to change your passwords or phone numbers as a result of this event."

I changed ALL my passwords for nothing

ahoklollmao-noooo.gif
 
Last edited:
Top Bottom