Steam Users’ Data Breached: 89 Million Accounts Exposed

Los Angeles, CA — A significant data breach has reportedly compromised the account details of 89 million Steam users, raising concerns about cybersecurity among gamers. The breach, which was first reported on May 14, 2025, is believed to stem from a third-party service rather than directly from Steam itself.

The announcement came from Underdark, a cybersecurity firm, which reported that a hacker, known as Machine1337, claimed on a dark web forum to have accessed the user records. The hacker is allegedly offering the dataset for $5,000, according to reports from gaming news source Mellow_Online1.

The compromised data may include more than just usernames and passwords; it reportedly contains real-time logs for two-factor authentication (2FA) SMS messages, message contents, and metadata. This information suggests that the breach may involve a vendor that Steam previously worked with, although Valve, Steam’s parent company, has denied using the vendor mentioned in the initial reports.

Mellow_Online1 provided updates indicating that Valve representatives have confirmed they do not work with the vendor, Trillio, as initially speculated. Security expert Dr. Christopher Kunz highlighted that while the dataset includes phone numbers and codes, there are currently no indications that usernames or passwords have been exposed.

Given the potential risks, Steam users are urged to change their passwords and enable two-factor authentication if they have not already done so. Users should also be vigilant about suspicious emails or messages that may attempt phishing attacks.

Mashable has reached out to Valve for a detailed comment on the situation and the security measures in place following this incident. As of now, the gaming community is encouraged to stay alert and report any unusual activity related to their accounts.