 (2).png){kind=logo}
5 months ago
81
A leak of aged substance messages sent to Steam customers with one-time codes for logins was “not a breach of Steam systems,” Valve says successful a station published Wednesday.
Valve’s effect follows quality that a hacker is allegedly successful possession of 89 cardinal idiosyncratic records and enactment them up for merchantability for $5,000, arsenic BleepingComputer reports. BleepingComputer looked astatine 3,000 leaked files and recovered “historic SMS substance messages with one-time passcodes for Steam, including the recipient’s telephone number.”
While 1 X idiosyncratic claimed that determination is grounds tying the breach to Twilio, a Twilio spokesperson told BleepingComputer that “there is nary grounds to suggest that Twilio was breached” and that “we person reviewed a sampling of the information recovered online, and spot nary denotation that this information was obtained from Twilio.” Valve besides told the X idiosyncratic that it does not usage Twilio.
“The leak consisted of older substance messages that included one-time codes that were lone valid for 15-minute clip frames and the telephone numbers they were sent to,” Valve says successful its post. “The leaked information did not subordinate the telephone numbers with a Steam account, password information, outgo accusation oregon different idiosyncratic data. Old substance messages cannot beryllium utilized to breach the information of your Steam account, and whenever a codification is utilized to alteration your Steam email oregon password utilizing SMS, you volition person a confirmation via email and/or Steam unafraid messages.”
Valve adds that you don’t request to alteration your password oregon telephone fig pursuing this leak, though it does urge mounting up the Steam Mobile Authenticator.
The institution says it’s “still digging into the root of the leak.”
English (US) ·