If your phone number was one of the 89 million exposed in the recent data breach that affected Steam, the company says your info is safe. In a statement shared with CNET, Steam has denied that a reported data breach endangered its users' personal information.
"Old text messages cannot be used to breach the security of your Steam account," the statement said. "Whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages."
The company also said the breach wasn't of a Steam system and that you don't need to change your password because of it. According to Steam, the leaked info can't be tied to Steam accounts, passwords or payment information.
However, your phone number is still personally identifying information and can give scammers more ammunition for targeted phishing campaigns. Changing your password is an easy step to take to shore up your account's defenses.
Here are some additional ways to protect your account.
What was leaked?
First reported by Underdark, a cybersecurity company, on LinkedIn, the information for 89 million Steam accounts popped up for sale on the dark web. Steam denies the leak originated from any of its systems, and the origin of the breach remains unconfirmed. The data allegedly includes users' one-time passwords and phone numbers. The threat actor says it's auctioning off this information for $5,000.
Should you be worried about your phone number being leaked?
"Not so long ago, an exposed phone number was not even considered a breach because most of us shared them publicly anyway," said cybersecurity fraud expert Neal O'Farrell, a CNET expert review board member.
"But now a phone number is so closely connected to our identity -- try accessing your bank account without it -- it's become a major target for criminals."
Steam said users don't need to update their passwords, which CNET recommended in a previous version of this story. But the company did recommend regularly checking your Steam account security.
However, whenever you're worried about a security breach, changing your password is a smart move. If you have a Steam account, it doesn't hurt to change your password now to keep your game library -- and financial information -- secure.
How to protect your Steam account
Even if it may not be necessary, it doesn't hurt for Steam account holders to change their passwords. At the very least, this will help secure your account.
If you want to take it a step further, you can use a password manager to create complex passwords and store them for you.
Steam also recommended setting up the Steam Mobile Authenticator, which enables two-factor authentication with your phone number and email. 2FA is an easy step that will make it much more difficult for unauthorized users to access your account. Steam doesn't support the use of hardware security keys, which can offer another level of protection, so its in-house 2FA is going to be your best bet to protect your account.
If you already have 2FA enabled, be sure to check your email for any suspicious activity linked to your Steam account.
Here's how to change your Steam password:
- Open your Steam client
- At the top left corner, click on Steam and choose "Settings"
- Click on "Security" to make sure you have 2FA enabled. Add your email/phone number if you haven't already.
- Choose "Change Password" at the top
- Set a strong password using symbols, capital and lower-case letters, numbers, and make it as long as you can.
If you've recently received any one-time password text messages that you did not request, ignore them and change your password again. In the coming weeks, keep an eye out for any phishing attempts disguised as game product offers or other Steam-related content.
"Apart from changing all passwords, even if the company says there's no need, you do need to be on constant guard for phishing emails, texts and calls, connected to this breach or not," O'Farrell said. "And if your phone provider allows, activate SIM protection to prevent thieves from switching your number."
Protect your personal data and get peace of mind with CNET's top pick for identity theft software.
CNET's pick for the best identity theft protection service
English (US) ·