A massive data breach reportedly affecting 89 million Steam accounts has sparked concern among gamers and cybersecurity experts alike. While key details remain unclear, here's what we know so far—and what Steam users should do next.
What Happened?
On Sunday, cybersecurity firm Underdark posted on LinkedIn that a threat actor using the alias Machine1337 had claimed to breach Steam and was offering a database of 89 million user records for sale on a well-known dark web forum. The alleged asking price? $5,000.
The post included a link to sample data, a Telegram contact, and what Underdark described as internal vendor data—suggesting the hacker might have gained deeper access than just surface-level user information.
Was Steam Directly Breached?
Not exactly—at least based on the information so far. The breach appears to have come through a third-party service, not Steam's core systems. Early speculation pointed to a vendor named Trillio, but Valve, the company behind Steam, later told gaming account @Mellow_Online1 (who helped spread the news) that it does not use Trillio.
That said, without an official confirmation from Valve about the breach's origins or scope, uncertainty remains.
What Should Steam Users Do?
Even in the absence of verified details, it's better to be cautious. Here are steps Steam users should take immediately:
- Change your Steam password—especially if you use the same one elsewhere.
- Enable two-factor authentication (2FA) for extra security.
- Check your email for login alerts or suspicious messages.
- Be wary of phishing scams—especially emails or pop-ups that look like they're from Steam.
What Happens Next?
As of now, Valve has not issued a public statement confirming or denying the breach. Outlets like Mashable have reportedly reached out to Valve for clarification. Until more is known, the situation remains fluid.
