The leak, initially flagged by cybersecurity firm Underdark on LinkedIn, included text messages with validation codes and the associated phone numbers.

In response to the alarming report, Steam issued a statement late last night asserting, "We have examined the leak sample and have determined this was NOT a breach of Steam systems." The company elaborated that the compromised data did not correlate phone numbers with Steam account passwords, payment information, or other personal details. "Old text messages cannot be used to breach the security of your Steam account," emphasized the statement. "Whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages."

Steam reassured users that they do not need to change their passwords or phone numbers due to this event. Regardless, the company advised users to be vigilant about account security, noting that unsolicited security messages should be treated with suspicion.

The source of the data leak remains unknown, and Valve had not responded to CNET's request for comment as of this report. The leaked information reportedly includes one-time passwords (OTPs) along with the phone numbers. The threat actor selling this data has put it up for auction at $5,000.

Though Valve indicated that changing passwords is unnecessary, CNET suggests it as a precautionary measure. Regularly updating your passwords and maintaining account security can never hurt. To bolster security further, Steam recommends enabling the Steam Mobile Authenticator, which facilitates two-factor authentication (2FA) using a phone number and email. While Steam doesn't support hardware security keys, its built-in 2FA provides an added layer of protection.

For users already employing 2FA, it's essential to monitor emails for any suspicious activities linked to their Steam accounts. Unrequested one-time password text messages should be ignored, and users should consider changing their passwords if they receive such messages. In the weeks ahead, being cautious of potential phishing attempts masquerading as game product offers or other Steam-related content is advisable.

Overall, keeping your personal data secure and staying aware of such threats can provide peace of mind. As the situation evolves, users are encouraged to keep an eye on updates and take necessary security measures to protect their accounts.