As a PC gamer, you may have already seen some alarm around the web regarding Steam—headlines saying 89 million Steam accounts hacked. But you shouldn’t panic. The reports stem from a post on the dark web, where an alleged hacker offered up supposed records from millions of Steam accounts, including one-time codes used for two-factor authentication (2FA). Sounds bad, right? Except when Twilio, the third-party service that powers the 2FA text message codes for Steam, was asked for comment, the company told BleepingComputer it had not found any evidence of a breach or leak. In the meanwhile, however, multiple outlets have published the original claim—as well as a follow-up from X/Twitter user Mellow_Online1, who says they were told by Valve no relationship exists between Steam and “Trillio.” (A possible typo, as Mellow_Online1 refers to Twilio in a follow-up post on X.) So what’s the deal? As BleepingComputer points out, this data could suggest a leak in the delivery system for text messages—one of three major reasons why security experts don’t recommend receiving 2FA codes through SMS. (The other two? Someone could steal your phone number to receive codes, or they could redirect the codes to their own device without you knowing.) This is not a Valve problem, though. It’s unfortunately a known weakness in how text messaging works. Using a mobile app for two-factor authentication codes is much more secure than via SMS/text message.Alaina Yee / Foundry Update (5/14/2025, 3:20pm PT): Speaking of Valve, the company just confirmed in a Steam Community post that no Steam systems have been breached. The leaked data also does not “associate the phone numbers with a Steam account, password information, payment information, or other personal data.” Valve also says to regard any account security messages you didn’t request (e.g., by asking for a 2FA code or making an account change) with suspicion. While this situation is likely nothing to worry about, your account is probably still at risk for other reasons. Chances are, your password is weaker than you think. (Just have a look at how fast modern GPUs can crack passwords.) And you’re probably not using two-factor authentication yet. Bump up your password to something strong, random, and unique. Turn on Steam Guard now, too. The better method for getting codes will be through the Steam Mobile App on your phone. Already using a good password and Steam Guard? For peace of mind, you can still change your password (which should be simple and fast if you use a password manager). Also switch to the Steam Mobile App as your 2FA method if you haven’t already. While you’re updating your Steam security, be sure to look over the list of authorized devices connected to your account, too. Remove any that you don’t recognize. You may not be able to trust the claims made in dark web forum posts, sure. But strengthening your security is a process you can put weight behind—and you get full control over it, too.