1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Hacker advertises alleged database of 89 million Steam 2FA codes,

    From TechnologyDaily@1337:1/100 to All on Wednesday, May 14, 2025 14:15:08
    Hacker advertises alleged database of 89 million Steam 2FA codes, source of leak unknown

    Date:
    Wed, 14 May 2025 13:00:00 +0000

    Description:
    They're selling it for $5,000 but no one knows where they stole it from.

    FULL STORY ======================================================================EnergyWe aponUser advertised a new archive on the dark web They claim it holds phone numbers and OTP codes for Steam Some researchers claim the archive came from Twilio, but the company denied having been breached

    EnergyWeaponUser, a known cybercriminal and leaker, is selling a new database which, they claim, holds more than 89 million Steam user records, phone numbers, and one-time access codes.

    Steam is a digital games distribution platform developed by Valve. It has
    more than 130 million monthly active users, which use the platform to buy, download, and play computer games.

    Recently, a new thread in an underground forum appeared where the hacker offered the database for $5,000. BleepingComputer was among those who
    analyzed the records, and claims it holds historic SMS text message with one-time passcodes for Steam, including the recipients phone number.

    TechRadar Pro readers can get 60% off Premium Plans at RoboForm now!

    New users can take advantage of RoboForms exclusive deal and get 60% off the Premium Plan. With this deal, you can get unlimited password storage, one-click login & autofill, password sharing, two-factor authentication for added protection, cloud backup, and emergency access for trusted contacts. To claim this deal, visit this link and sign up for the Premium Plan to lock in this huge discount.

    Preferred partner ( What does this mean? ) View Deal Was it Twilio?

    However, it is unclear where EnergyWeaponUser picked the archives up. Valve
    is being silent for the moment. An independent games journalist MellowOnline1 believes the theft is the result of a supply chain attack, with Twilio being the most likely victim.

    Twilio is a cloud communications platform that allows devs to integrate different messaging, voice, and video features. Among other things, it provides SMS and MMS messaging, which many companies use for one-time passcodes and 2FA.

    However, the company told BleepingComputer that it investigated the claims
    and found no evidence of compromise.

    "There is no evidence to suggest that Twilio was breached, a spokesperson for the company told the publication. We have reviewed a sampling of the data found online, and see no indication that this data was obtained from Twilio."

    Another possible explanation is that an intermediary SMS provider could have been breached. At press time, the actual victim was not yet confirmed. EnergyWeaponUsers claims could not be verified at this time. However, the leaker is rather infamous, as they were previously linked with Cisco, Ford, and HPE breaches.

    Steam is warning users to enable Steam Guard Mobile Authenticator and keep an eye on account activity.

    Via BleepingComputer You might also like Ford says it is investigating
    claims thousands of workers have had data leaked online Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hacker-advertises-alleged-database-of-8 9-million-steam-2fa-codes-source-of-leak-unknown


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)