Hacker advertises alleged database of 89 million Steam 2FA codes, source of leak unknown

• EnergyWeaponUser advertised a new archive on the dark web
• They claim it holds phone numbers and OTP codes for Steam
• Some researchers claim the archive came from Twilio, but the company denied having been breached

EnergyWeaponUser, a known cybercriminal and leaker, is selling a new database which, they claim, holds more than 89 million Steam user records, phone numbers, and one-time access codes.

Steam is a digital games distribution platform developed by Valve. It has more than 130 million monthly active users, which use the platform to buy, download, and play computer games.

Recently, a new thread in an underground forum appeared where the hacker offered the database for $5,000. BleepingComputer was among those who analyzed the records, and claims it holds “historic SMS text message with one-time passcodes for Steam, including the recipient’s phone number”.

TechRadar Pro readers can get 60% off Premium Plans ...