I'm Resetting My Steam Password and Enabling Steam Guard

A hacker called Machine1337 is marketing a dataset of 89 million Steam users’ records on the dark web, according to reports.
It is believed the data is being sold for $5,000 and originates from Twilio, the third-party provider Steam uses to send its two-factor authentication (2FA) codes via SMS.
Independent journalist Mellow_Online1, who first highlighted the story, claims the sample data provided by the hacker appears to be correct.
They urged users to be cautious, particularly when it comes to potential phishing scams, and to protect their details by changing their passwords and activating Steam Guard, the platform’s two-factor authentication.
At the time of writing, there has been no official confirmation of a Twilio breach, although its parent company SendGrid suffered a breach in 2025.
Authy, Twilio’s 2FA app, was also breached in 2024.

Fast Feed