Time to change your Steam password? Data from over 89 million accounts has reportedly leaked to the dark web

Details from 89 million Steam accounts have reportedly gone up for sale on the dark web. Since RPS's dedicated tech team have just informed me that the dark web is not the thing you get when you click 'incognito tab' and is actually potentially much scarier than that, you might want to consider changing your password. Or maybe not. As I say, it's all alleged at this point.

The news comes from a LinkedIn post by user Underdark.AI, listed as a "Computer and Network Security" page, as reported on by our network chums at VG247. From the post:

Today, a threat actor going by Machine1337 posted on a well-known dark web forum claiming to have breached Steam, offering a dataset of over 89 million user records for $5,000. The post includes:

• A Telegram contact for purchase
• A link to sample data hosted on Gofile
• Mentions of internal vendor data, indicating deeper access

They later updated the post with the following:

Following our initial post on the claimed Steam data breach (89M+ users), new evidence confirms that a leaked sample contains real-time 2FA SMS logs routed via Twilio.

The data includes message contents, delivery status, metadata, and routing costs — suggesting backend access to a vendor dashboard or API, not Steam directly.

This reinforces a supply chain compromise, putting user security at risk via phishing or session hijacking.

X user Mellow_Online, who shared the news on that platform, says that they were contacted by a Valve representative who "stated that they do not use Trillio", the data protection company mentioned in the LinkedIn post.

Data security is very far out of my wheelhouse - I still think it's funny to say "I'm in" in a hacker voice whenever a website loads after being slow for a bit - so I'm not to going to add additional comment (though I have asked Valve for one). Do with this information what you will!