It's been debunked, valve confirmed they don't even use the company that is said to be hacked (a SMS 2FA company) and the source of it all is an AI company's LinkedIn post that itself looks AI made itself I mean, $5000 for 89 MILLION steam accounts? Come on. Just have Steam Guard and you're good. - ThreadSky

tannerofthenorth.bsky.social • 23 hours ago

It's been debunked, valve confirmed they don't even use the company that is said to be hacked (a SMS 2FA company) and the source of it all is an AI company's LinkedIn post that itself looks AI made itself

I mean, $5000 for 89 MILLION steam accounts? Come on.

Just have Steam Guard and you're good.

Comments

tannerofthenorth.bsky.social•23 hours ago

This post went from

AI Company on Linked In

v

Twitter Blue user with 900 followers

v

Resetera thread called 8.9 MILLION STEAM ACCOUNTS HACKED EVERYONE CHANGE YOUR PASSWORDS NOW!

v

Gaming websites

v

Bluesky

And no one stopped to read the second post by the Twitter user saying "I was wrong"

tannerofthenorth.bsky.social•23 hours ago

While it's the original source of it spreading with its awful scaremongering name, this now-renamed thread has the info on it.

Just get past the initial people screaming and go to the ones going "wait this is already debunked guys" who explain that it's benign

https://www.resetera.com/threads/possible-sms-2fa-supply-chain-breach-impacting-steam-unconfirmed-check-within-for-details.1188741/

samhainvt.bsky.social•22 hours ago

I am begging people, please stop trying to use Resetera as a source for anything. The entire website is filled with idiots that get high off the smell of their own farts

It's not a journalism site, it's a fucking web forum

It's like trying to use Reddit as a news source

freshryeroll.bsky.social•17 hours ago

📌

sagadego171.bsky.social•21 hours ago

So fucking true!

rockdem0n.bsky.social•7 hours ago

Aren't they one of the ones that fired everyone and just use AI now?

kaijuultimax.bsky.social•20 hours ago

People only still use that site because long ago it was a good avenue to talk directly to games devs. Only problem is that was more than 10 years ago lol people need to learn to let go already.

luperteverett.bsky.social•20 hours ago

And yet the guy is still doubling down lmfao

doogie2k.bsky.social•20 hours ago

Also, the whole thing just seemed a bit...whiffy.

I kept waiting for better sources and none materialized.

sqky.one•23 hours ago

there's a saying in Chinese: 「謠言止於智者」 "Rumours stop at the wise hermits"

I wish that was true in the modern age of the internet

null.band•23 hours ago

Well, it also went from VG247 (a serial reposter), sourcing XDA (not much better), and not the original source. The X thread, not LinkedIn, had reply updates including a mention that Valve doesn't use Twilio.

https://xcancel.com/MellowOnline1/status/1921672313608823002

null.band•23 hours ago

This is why journalism matters, not hysteria amplification from a random AI company posting wads of slop on LinkedIn without validation.

tannerofthenorth.bsky.social•23 hours ago

Yeah but a games journalist gave GodHand a bad review in the early 2000s so /s

poulsens.bsky.social•22 hours ago

This is one of the reasons I follow @gamingonlinux.com, because rather than just parrot what was being said, he instead started investigating it.

kuujiflow.bsky.social•19 hours ago

The SoundCloud drama in a nutshell

cyberrb25.bsky.social•20 hours ago

Only thing I can give myself a save is that, if you no longer have X, you can no longer easily read threads on Twitter.

But yes, I'm sorry to have distributed such a thing if it was really fake.

stargazerkg.bsky.social•22 hours ago

Egh, already reset my password. If nothing else, changing my password hurts nothing.

starcafe.bsky.social•22 hours ago

People on the internet still refuse to read. They look at headlines, and make their opinions based off that. It takes moments to look into things. Can we please normalize reading articles and looking into their sources, cause it takes moments to see what is true and not.

sparrowson.bsky.social•21 hours ago

The worst thing is, I did read the VG247 article and saw some of the details there are sketchy, but I still decided to spread the article and changed my password just in case it was true. I was relieved when someone said it was false but also felt bad for spreading misinfo and apologized.

starcafe.bsky.social•21 hours ago

I’m glad you did! Maybe I came off too harsh… but changing your password doesn’t hurt

iontheinside.bsky.social•18 hours ago

Where's the valve statement /response?

flamechocobo.bsky.social•22 hours ago

I reposted that and not realized this sooner. Valve confirmed that it was false.

Though I did change the password and add in Steam Guard Mobile Authenticator onto my phone just in case any of the breach happened.

soyweiser.bsky.social•23 hours ago

> I mean, $5000 for 89 MILLION steam accounts?

Yeah was a big eyebrow raise. Wait so these people broke into a SMS 2FA company and all they did was take the DB and leave?

I'd think that selling the steam account of asmongold alone for example to a cryptocurrency guy is worth more than 5k.

thewellredmage.bsky.social•20 hours ago

edwardlapine.bsky.social•23 hours ago

I guarantee my Steam account alone has more than $5,000 worth of games.

I've had my WoW account hacked once many years ago, and Blizzard recovered it before I even noticed. Just get 2FA whenever you can, you can do it from your phone, it's that easy.

mistakrabs.bsky.social•22 hours ago

I know there's a website that will calculate the value of your library using different metrics (sale, full price, etc). I want to say my own clocked in around 3k so I can totally believe that.

mike.technikquatsch.de•17 hours ago

Here (if you really want to know)
https://steamdb.info/calculator/

ryujishiryu.bsky.social•22 hours ago

Fell for it but at least it served as a good reminder to change my password as it has been a while xD

possumdementhe.bsky.social•21 hours ago

Changing your password periodically is good practice regardless.

soyweiser.bsky.social•21 hours ago

It depends, if you constantly cycle weak passwords it is prob worse than having a long term strong one. But there are easier gains here like using a password manager (which helps with longer passwords) and using 2fa. (and if you have the choice between sms or other two factor, move away from sms).

possumdementhe.bsky.social•21 hours ago

I wasn't necessarily suggesting to cycle weak passwords, but when you aren't told about data breaches until months later, cycling strong ones makes sense.

soyweiser.bsky.social•21 hours ago

Certainly, was just chatting about various security methods a bit. And Steam tries to push people towards strongest 2fa via various methods, as all this is also a bit silly that we depend on the consumer doing the right thing.

ryujishiryu.bsky.social•21 hours ago

It is! But I do sometimes mean to do that and then...poof, I forget

rodangol.bsky.social•19 hours ago

At least you have a good excuse. I’ve stopped changing passwords on anything that doesn’t force me or I forget the password.*

Only my Blizzard/WoW account has been hacked twice without compromising the password.

*these are all accounts that don’t matter, like my Steam account

jcampbell84.bsky.social•21 hours ago

Also fell for it, but doing so made me realize that my Steam password was the same one I created in 2011 and it was SO insecure that I'm amazed I've never been hacked. I only enabled 2FA in the last 3 years or so, I am an idiot.

miralelian.bsky.social•20 hours ago

I relied on auto-login for so long (read: years) I had no idea what my password was, so it was probably time to change it anyway. No less annoying, but...

itzbeelzebuddy.bsky.social•20 hours ago

Welp... Already changed the password. Probably at least a good reminder for ppl to do it tho hehe

executive06.bsky.social•4 hours ago

"Just have Steam Guard and you're good." Thats a big step, but that doesn't guarantee complete safety. If an attacker knows some data about you he can convince the support to reset/remove the steam guard. I experienced this myself.

supercrumpet.bsky.social•15 hours ago

What a wild situation. What is even the point of that LinkedIn page, and how does it put content together?

t850terminator.bsky.social•22 hours ago

Still, change your password.

Always regularly change password of your high value accounts.

miralelian.bsky.social•20 hours ago

...
...
!!!FUCK AI!!!
...
I spent the better part of an hour changing my passwords. Had to disconnect my authenticator, come up with a new secure password, reconnect the authenticator...

*Sigh* it was probably long past time to change my Steam password anyway. Relied on auto-login for so long...

hellpug.bsky.social•22 hours ago

fell for it, should've looked better but changing passwords was probably a wise idea

bleentastic.bsky.social•22 hours ago

can also protect yourself by just deleting your steam account

dngrs.bsky.social•20 hours ago

bruh

ghostkumo.bsky.social•23 hours ago

If nothing else, serves as a good reminder to set up Steam guard and change passwords once in awhile lol

dngrs.bsky.social•21 hours ago

I wish steam supported TOTP, I'm not interested in yet another custom 2FA app

ducklie.bsky.social•15 hours ago

It used to support it.
Then they removed it in favor of Steam Guard backed with SMS verification.

dngrs.bsky.social•15 hours ago

buncha weirdos.

lonelylupine.bsky.social•17 hours ago

So I updated my long-overdue password for nothing.

riverthesheep.bsky.social•20 hours ago

I fucking hate posts like this because one, it shouldn't fucking MATTER if you use 2FA, and two, nobody actually fucking looks into it before mass pinging everyone in 10 different servers

monkneys.bsky.social•20 hours ago

agreed. people who share unfounded sensationalist stuff that falls apart on the barest scrutiny are a primary driver of social media rot. can't even blame russians for that.

this is functionally no different from "they're eating the cats".

glek.glektarssza.com•15 hours ago

The people who mass ping everyone on 10 different servers legit piss me off. Especially since I often get lashed out at when I have to be the voice of skepticism.

Either I'm "the bad person who doesn't want to keep people safe" or I'm "the idiot who was wrong".

Nice.

riverthesheep.bsky.social•15 hours ago

I love getting the "well they were trying to help" thing too, it sucks

tankcatapult.bsky.social•17 hours ago

And, if anything, all it does it get people desensitized to actual data breaches and attacks.

Boy who cried wolf, except digitally.

mahmoudhamed88.bsky.social•3 hours ago

https://bsky.app/profile/mahmoudhamed88.bsky.social/post/3lp5ytxwjrc2h

mitsoukio-an-magic.bsky.social•8 hours ago

Still needed to update my passwords so its fine, more was just a reminder for me to do that

jordanalimt.bsky.social•23 hours ago

It's a website that covers social media drama and rumors. They're not real journalists, they just want the quickest clickbaits.

arakay.bsky.social•22 hours ago

Good to know it's safe, glad I fell for it though because in changing it I realised I was using a pretty old password on my account anyway LOL

worr.bsky.social•21 hours ago

Hmm, not sure it is fully debunked?

Bleeping Computer sources the actual post from the hacker selling the data and has sifted through some of the data already

https://www.bleepingcomputer.com/news/security/twilio-denies-breach-following-leak-of-alleged-steam-2fa-codes/

mbletst.bsky.social•21 hours ago

being able to crack steam guard is worth a hundred times that alone

nebulousyokubo.bsky.social•19 hours ago

"Machine1337" there is NO fucking way people believe this shit.

iontheinside.bsky.social•18 hours ago

I'd point you to the hacker who got into the cdpr servers who left a a l33tspeak message

remiferia.bsky.social•17 hours ago

I mean there once was a group named "LulzSec" or something like that around 15 years ago iirc.

or10ncozz.bsky.social•20 hours ago

Thank god.

patchstep.com•20 hours ago

I still prefer OTP over email- at least until they make Steam Guard 2FA compliant.

A 2FA code should be invalidated upon use, Steam Guard codes aren't.

peepos.bsky.social•20 hours ago

for real? not having totp seems like an insanely obvious miss.

patchstep.com•20 hours ago

not using Steam Guard has saved me from getting my account stolen a couple of times. I've grown and become more vigilant about this stuff so it hasn't happened to me in a long time.

patchstep.com•20 hours ago

There's a reason why there's so many "fake popup" phishing sites for steam. They can log in with your entered details, and prompt for your steam guard code. An SG code is valid for 30 seconds, which is plenty of time to change creds & hijack the acc or simply initiate, accept, and confirm trades.

peepos.bsky.social•20 hours ago

woof. sounds like a security vs convenience trade off that is really biting them.

patchstep.com•20 hours ago

Email still is a true OTP on steam, can’t use it again after it’s been used once.

patchstep.com•20 hours ago

Correction: TOTP compliant

mxfee.bsky.social•20 hours ago

This is exactly why I looked for a more reputable site to report. XDA broke down the info including the "debunking".

astral-express.net•21 hours ago

No offense but "It's been debunked, valve confirmed they don't even use the company that is said to be hacked" is just as made up as "89 MILLION STEAM ACCOUNTS HACKED!!!" without a source - Can you provide a source for Valve confirming this?

minirop.com•21 hours ago

https://x.com/MellowOnline1/status/1922653742748323956

minirop.com•21 hours ago

fu-- wrong tweet, it's the one just above in the chain.

astral-express.net•20 hours ago

Thanks for posting this and I don't mean to be rude but who is this random person? The same issue exists here, I could just go "CLARIFICATION/UPDATE: I have been contacted by a Valve representative, and they have stated that there was a data breach they are aware of and will be posting news soon."

minirop.com•19 hours ago

I mean, that the source. Is it reliable? Who knows (they could have posted the email but even that is easy to forge)

monkneys.bsky.social•19 hours ago

That said, the extraordinary claim here is the hack, not the denial. So while it's "just as made up," it doesn't require nearly the same scrutiny.

saphi.re•21 hours ago

Okay fuck it

The debunked IN PART, about twilio, please don't misinfo on top of misinfo

I think either the guy selling SMS list for 5k is lying, or the infosec company signaling about this

IDK who the hell dumps an SMS gateway and leaves to just sell data for 5k, you can do so much...

saphi.re•21 hours ago

And most fucking notably

The linkedin post has a screenshot

That shows it was posted in "spam lists" subforum. Though the category might actually include account details to send spam /from/, unsure, the description is cut off.

I wish the "Underdark ai" posted some actual damn info :X

Comments

Posting Rules

Reply