Valve confirms Steam 2FA leak affecting 89 million users; no passwords compromised

What just happened? News recently circulated indicating that details of around two-thirds of Steam accounts have been leaked onto the dark web. No passwords, payment information, or other personal data were compromised, but users should probably begin using Steam's mobile authenticator app if they haven't already. A recent Steam security bulletin confirms that hackers have accessed phone numbers and SMS two-factor authentication records linked to most Steam accounts. Steam's internal systems weren't penetrated, and Valve hasn't recommended that users change their passwords. However, now is a good time to review security settings for accounts potentially containing hundreds or thousands of PC games. The leaked data includes unencrypted but expired 2FA codes and the phone numbers they were sent to. However, Valve stressed that the phone numbers can't be used to identify Steam accounts and that no passwords were leaked. The source of the leak remains unclear, but one of the third-party ... Read full article.