Time to change your Steam password? Data from over 89 million accounts has reportedly leaked to the dark web
1 min read
Summary
An AI company, Underdark.AI has alleged that details from 89 million Steam accounts are now for sale on the dark web.
The company claims that a threat actor called Machine1337, has posted that they had breached Steam, and were offering the dataset of over 89 million users for $5,000.
It is thought that the data breach shows a supply chain compromise, putting users at risk of phishing or session hijacking.
According to an article in VG247, a leaked sample of the data includes real-time 2FA SMS logs routed via Twilio, along with message contents, delivery status, metadata and routing costs.
It appears that there is deeper access to internal vendor data and not Steam directly.
It has been reported that a Valve representative has contacted a user on the social media platform, LinkedIn, stating that they do not use Twilio, the data protection company cited in the original post about the breach.
