In a statement released on May 15, 2025, the company confirmed that the exposed information consists solely of outdated SMS messages containing one-time authentication codes and associated phone numbers, which remain valid for only 15 minutes.
Importantly, Valve emphasized that no sensitive personal information, such as passwords or account details, was compromised in the incident.
The company is actively investigating the source of the leak to prevent future occurrences.
While Valve does not believe the leak warrants immediate action like changing passwords or phone numbers, it strongly recommends that users enable the Steam Guard mobile authenticator to enhance account security.
Also read:
- The New Logic of Survival: Brands Battle Creators in the Attention-Scarce Creator Economy of 2025
- TikTokers Are Wearing Apple Watches on Their Ankles — And It’s Not a Fashion Statement
- AI-Induced Psychosis: The Unseen Dangers of an Uncomfortable Truth
Speculation has arisen that the breach may be linked to Twilio, a third-party communications service often used for SMS-based authentication. However, Twilio has stated that it found no evidence of a security breach within its systems, leaving the origin of the leak unclear.
Valve’s swift response aims to reassure Steam’s vast user base, but the incident underscores the importance of robust security measures in an era of increasing cyber threats. For now, users are encouraged to stay vigilant and adopt additional safeguards to protect their accounts.
