Hacker advertises alleged database of 89 million Steam 2FA codes, source of leak unknown

EnergyWeaponUser advertised a new archive on the dark web
They claim it holds phone numbers and OTP codes for Steam
Some researchers claim the archive came from Twilio, but the company denied having been breached

EnergyWeaponUser, a known cybercriminal and leaker, is selling a new database which, they claim, holds more than 89 million Steam user records, phone numbers, and one-time access codes.

Steam is a digital games distribution platform developed by Valve. It has more than 130 million monthly active users, which use the platform to buy, download, and play computer games.

Recently, a new thread in an underground forum appeared where the hacker offered the database for $5,000. BleepingComputer was among those who analyzed the records, and claims it holds “historic SMS text message with one-time passcodes for Steam, including the recipient’s phone number”.

Was it Twilio?

However, it is unclear where EnergyWeaponUser picked the archives up. Valve is being silent for the moment. An independent games journalist MellowOnline1 believes the theft is the result of a supply chain attack, with Twilio being the most likely victim.

Twilio is a cloud communications platform that allows devs to integrate different messaging, voice, and video features. Among other things, it provides SMS and MMS messaging, which many companies use for one-time passcodes and 2FA.

However, the company told BleepingComputer that it investigated the claims and found no evidence of compromise.

“There is no evidence to suggest that Twilio was breached,” a spokesperson for the company told the publication. “We have reviewed a sampling of the data found online, and see no indication that this data was obtained from Twilio.”

Another possible explanation is that an intermediary SMS provider could have been breached. At press time, the actual victim was not yet confirmed. EnergyWeaponUser’s claims could not be verified at this time. However, the leaker is rather infamous, as they were previously linked with Cisco, Ford, and HPE breaches.

Steam is warning users to enable Steam Guard Mobile Authenticator and keep an eye on account activity.

Via BleepingComputer

https://cdn.mos.cms.futurecdn.net/hu8VDCFtRdkPJ4X6r5S2AZ.jpg

Source link

China’s new 128-core server CPU could be AMD and Intel’s worst nightmare in the data center

The 75-inch Hisense U8N is one of the best mid-range TVs and it’s plummeted to a record-low price – save $500

Chinese energy tech exports found to contain hidden comms and radio devices

Amazon just launched a massive pre-Memorial Day sale – appliances, TVs, and tools that I’d buy from $19.99

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

Two bullish signs: S&P 500 tips positive for the year and the Nasdaq sees a successful IPO

Wood Mackenzie sees challenges meeting gas power demand over next 15 years

Two bullish signs: S&P 500 tips positive for the year and the Nasdaq sees a successful IPO

Stock market today: S&P 500 closes higher as tech continues to lead recovery

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Hacker advertises alleged database of 89 million Steam 2FA codes, source of leak unknown

Two bullish signs: S&P 500 tips positive for the year and the Nasdaq sees a successful IPO

Wood Mackenzie sees challenges meeting gas power demand over next 15 years

Two bullish signs: S&P 500 tips positive for the year and the Nasdaq sees a successful IPO

China’s new 128-core server CPU could be AMD and Intel’s worst nightmare in the data center

Leave a reply Cancel reply