Support NeoGAF

[Mibu no ookami]

So glad I didn't link my PSN account.

JK

 

[Bert Big Balls]

lol, okay. The only source is this dude who can't even get his facts straight.

This fuckin asshole. I just changed my password and enabled Steam Guard. Tbh though my old password was absolutely pathetic so this was long overdue.

 

[rodrigolfp]

If this comes out as being true then i don't wanna see any PC users nor steam users ever make fun of sony, microsoft, or nintendo being hacked ever again. And if steam was hacked then this a blackmark on gabe and the people who worship the ground he puts his feet on.

We will still mock them as they do other stuff like charge for online on top on leaking passwords.

 

[Roman Empire]

I use steamguard and all but I'll change my password just to be sure. Did the same thing with the last PSN outage. It never kills to be safe than sorry.

 

[Draugoth]

*****Follow up following the analysis of a sample provided by the seller******: Update on Alleged Steam Breach – SMS Logs Confirm Vendor Exposure Following our initial post on the claimed Steam data breach (89M+ users), new evidence confirms that a leaked sample contains real-time 2FA SMS logs routed via Twilio. The data includes message contents, delivery status, metadata, and routing costs — suggesting backend access to a vendor dashboard or API, not Steam directly. This reinforces a supply chain compromise, putting user security at risk via phishing or session hijacking.

 

[Topher]

If this comes out as being true then i don't wanna see any PC users nor steam users ever make fun of sony, microsoft, or nintendo being hacked ever again. And if steam was hacked then this a blackmark on gabe and the people who worship the ground he puts his feet on.

So mock when it happens to Steam, but do not mock when it happens to Sony, Microsoft or Nintendo?

 

[Laptop1991]

I use Steam guard so the PW won't be enough. Steam forum's saying it's only alleged.

 

[RagnarokIV]

So it's bollocks then

 

[MadchesterManc]

Without the Steam guard on my phone folk ain't gonna get far if they try and login

 

[Hideous Snake]

Thank fuck for Steam Guard

 

[Horseganador]

If this were true and 90 million accounts were in danger, Valve would have already come out and said so. I don't believe it.

 

[Pejo]

I have been using the Steam mobile app QR code login for a few years now, it's awesome. Anyways, seems like this is a big nothingburger after all. Hope that twitter guy gets skewered.

 

[ReBurn]

I'd wait for actual confirmation from Steam before going apeshit.

I'd still change my password to be safe. Corporations sometimes wait to disclose breaches until they know the full impact. It may be nothing, but if it's something then better to get ahead of it now.

 

[Holammer]

This allegedly happened three days ago and there haven't been any response from Valve yet.
I think it's bunk.

 

[Agent_4Seven]

Changed pw just in case. The last time I did it was back in 2023 so I had to do it eventually anyway, just in case and like I always do.

 

[dave_d]

Passwords in clear text? That would be major, but source seems sketchy at the moment.

I'd guess they're probably using salted hashes. (IE they don't store your password but they can verify it by storing the result of a calculation involving your password.)

 

[rkofan87]

done but wtf how did steam get hacked??

 

[Tunned]

Changed my shitty password anyway, was well overdue for a one. Steam Guard is a thing too, as people have mentioned.

 

[Rush2112]

Password changed. Not taking any chances after my epic account got hacked.

 

[j0hnnix]

So nothing confirmed by Valve, just a post in LinkedIn and then another person grabbing that information and running with it as gospel.

 

[mopspear]

Seems like it was nothing, but as a reminder, you guys should get Steam Guard or 2FA for anything else important.

 

[lh032]

whats up with pc gaming recently?
expensive low build uality gpu
overvoltage ryzen 9xxx series cpu.
bad drivers
bad optimizations
and now this?

hope this gets better for my PCMR brothers.

 

[Thanati]

Thanks for this. I have the two-step account security but still changed the password.

Thanks!

 

[BlackTron]

So mock when it happens to Steam, but do not mock when it happens to Sony, Microsoft or Nintendo?

You have to figure out who is oppressed or oppressor first

 

[nowhat]

Just logged in, required 2FA as always. My session had been reset though, previously I've gone by months without logging in. Also bought Black Mesa off of a sale, required me to enter the CSC which should have been stored. So whether there has been a breach, who knows, but apparently they've reset at least some sessions/data.

 

[cormack12]

Steam, the gamers nemesis

 

[Stitch]

Not a direct hack of Steam itself: Steam's internal servers or databases don't appear to be breached. But because they rely on Twilio for sending 2FA codes, this affects their users too.

Why it's dangerous:

Phishing: Hackers could use the info to send fake but convincing messages to users.

Session hijacking: If attackers can intercept or replay 2FA codes, they might bypass login protection.

Then Valve told him that they don't even use Twilio

so basically

 

[Ebrietas]

Another reason we need to move on from passwords to passkeys.

 

[Dr_Ifto]

Just a reminder, that these emails/passwords are taken to other sites. So if you use the same password anywhere else, change it there too.

 

[cormack12]

 

[ReyBrujo]

Hackers free Nintendo Switch: Cool
Hackers free Valve accounts: Bad

These hackers are just preserving millions of accounts, as MVG would put it.

 

[Bojji]

1234 -> 4321

 

[TintoConCasera]

I'll change it just in case, but I would have expected some official communication by now.

 

[Astray]

Yep. That's internet 101 stuff these days with just about any account. Steam Guard was way ahead of the curve.

Valve needs to either confirm or deny these reports now for further peace of mind.

Passwords in clear text? That would be major, but source seems sketchy at the moment.

Probably not in clear text if I have to guess.

 

[tkscz]

lol, okay. The only source is this dude who can't even get his facts straight.

This needs to be added to OP, don't want to cause unnecessary issues like waking my kids mom and having her reset their passwords or anything.

 

[Sp3eD]

I'll change it just in case, but I would have expected some official communication by now.

Places that hold your personal information don't like admitting they fucked up. Many of the hacks on other sites in the last decade or so gave warning weeks after it happened. It's almost like it's bad for their business .

 

[mayham2199]

Just a reminder, that these emails/passwords are taken to other sites. So if you use the same password anywhere else, change it there too.

Yep this is the main thing. Someone stole my pizza hut points and got some free breadsticks during when my account was hacked from another site years ago.

 

[Reizo Ryuu]

This is a good example of how people don't actually read threads.

 

[Valonquar]

Password changed and SteamGuard added via phone app. Kinda annoying they don't let you use the standard MFA apps like MS Authenticator.

 

[RagnarokIV]

Yep this is the main thing. Someone stole my pizza hut points and got some free breadsticks during when my account was hacked from another site years ago.

 

[thicc_girls_are_teh_best]

So it's bollocks then

Not quite; seems like developers & publishers on Steam might be affected to some degree, but not actual users or user accounts/passwords.

It was inevitable, considering MS/Xbox and SIE have been hacked multiple times over the years. I'm surprised it took this long, unless it's happened in the past with Steam and I'm not aware of it?

 

[proandrad]

If this comes out as being true then i don't wanna see any PC users nor steam users ever make fun of sony, microsoft, or nintendo being hacked ever again. And if steam was hacked then this a blackmark on gabe and the people who worship the ground he puts his feet on.

Being this protective of a favorite corporations is like falling in love with a prostitute.

 

[Celcius]

Just spent an hour changing all the passwords on ALL the sites I use
It's kinda annoying how many different accounts you need these days

 

[Spukc]

OP lol? drama ?

 

[rkofan87]

so i just wasted time doing this fffffffffffffffffffffffffffffff me

 

[Cakeboxer]

 

[Thick Thighs Save Lives]

Just spent an hour changing all the passwords on ALL the sites I use
It's kinda annoying how many different accounts you need these days

My man, I think you went a bit too far with this. That is unless you were using the same steam pw across a multitude of websites and services.

 

[Topher]

I've moved my family to another country, changed my name and burned off my fingerprints...

....and it was all bullshit?

 

[ReasonBeing]

So mock when it happens to Steam, but do not mock when it happens to Sony, Microsoft or Nintendo?

Exactly, you pick things up quickly

 

[Goalus]

Oh no!
I fear for the five games in my Steam library!