Well 89 million steam accounts they would have finished For sale on a well -known Dark Web Forumaccording to numerous online reports. This episode, still surrounded by different uncertainties, would not derive from a direct violation of the servers Valve (the company that develops the platform), but would seem to be connected to an anomalous escape of information along the external suppliers chain. Although there is, at the moment, a definitive confirmation on the authenticity and origin of this Data Leak (term that indicates an unauthorized dissemination of sensitive data), the risks should not be underestimated and, those who use Steam, would do well to take all the precautions of the case, since it could be vulnerable to unauthorized access or to phishing attempts. The advice we give you is to change the password of your Steam account, enable two -factor authentication (known as Steam Guard), and keep your eyes well open if you are receiving suspicious communications.
The reports on the possible escape of data from the Steam platform
The story was initially brought to public attention by an X (former Twitter) user, Mellowonline1which has relaunched a post published on LinkedIn by the Cybersiculia company Underdark Ai. The latter identified a message on an illegal forum, presumably written by a certain Machine1337which he offered On sale a collection of data associated with millions of steam accounts for about $ 5,000. It is not a high price, considering the amount of potentially accessible data and the commercial value of the accounts, often rich in games, digital objects and personal information. How
It is important to clarify that, at least when drafting this article, Valve – the company that manages Steam – has not confirmed any direct compromise of its systems. Indeed, he explicitly declared that he had never used the services of Twilioan external platform that was initially indicated as a possible weak point due to its function of managing two factors. The exact origin of the escape, therefore, still remains uncertain. It may be data collected over time by different sources, or even a scam aimed at the sale of unaware or false databases. But this uncertainty pushes security experts to recommend the most absolute prudence.
What would contain this alleged package of information? A detailed list was not made public, given that we are generically talked about “Account details», A vaga definition that could include user names, e-mail addresses, Hashate password (i.e. cryptic), purchases relating to purchases, or other identification information. If the passwords were not sufficiently protected or were also reused on other services, the attackers may use them to access accounts or send personalized messages to try more sophisticated scams.
How to protect your Steam account
For those who use Steam, therefore, we recommend that you implement some prevention actions as soon as possible. The first is the immediate change of the passwordespecially if it has been the same for a long time or if it is also used on other sites. Better to choose a long, complex and unique (therefore no “123456”, preferably managed through a password manager (a safe tool for preserving credentials).
The second important action to be done right now concerns theActivation of Steam Guardthe two -factor authentication system offered by the same platform. This system adds an additional level of safety, requiring a temporary code sent by e-mail or generated via mobile app, every time you access an unrecognized device. Even if an attacker was in possession of your password, without the second authentication factor could not complete access to perpetrate the IT attack.
Other precautions to be taken include the control of the accesses history within the Steam settingsto verify the presence of unusual activities, and the maximum attention to e-mails or direct messages containing links or attachmentswho could try to convince you to provide further personal data. This type of scam is called Spear Phishinga particularly dangerous phishing attack when the attacker already has some credible information that he can use to customize the messages he sends to his victims to make them more credible.
And, if you use the same combination of e-mails and passwords also on other services (other than Steam), it is better also update those: in this case the violation could become a port of access to other personal profiles on which you use the same combination of e-mails and passwords.
In closing, allow us this “joke”: even in apparently playful contexts, such as that of online gaming, computer security should never be taken as a game, so do not underestimate the advice we have given you and implement them as soon as possible.
